Home > Cyber News > Necurs and Gamut Botnets Delivering 97% of All Spam to Your Inbox

Necurs and Gamut Botnets Delivering 97% of All Spam to Your Inbox

Have you been wondering who is behind the enormous amount of spam you receive in your inbox? Security researchers at McAfee have the answer – two botnets are at fault for 97 percent of all spam emails sent out in the last quarter of 2017.

Necurs and Gamut Botnets Spam Delivery in Last Quarter of 2017

One of the botnets, Necurs, is a well-known player. During the given period Necurs has been distributing primarily lonely-girl-type-of-spam messages as well as messages themed with stock and cryptocurrency information. These messages are carrying ransomware payloads.

Related Story: Spam in 2017: Cryptocurrency Scams Sneaked in the Inbox

The other botnet – Gamut – is smaller in size but is also quite persistent in its spam-delivering endeavors. In the last quarter of 2017, the Gamut botnet accounted for 37 percent of the overall email spam. As for the subjects of its spam messages, the botnet mainly delivered spam about job offers and money mule recruitment, the researchers said.

More about the Infamous Necurs Botnet

Necurs has been primarily used to spread spam emails in order to infect user systems. The botnet is usually deployed to infect systems with ransomware. Around June 1st, 2016, the botnet virtually stopped all its activities. The inactions of Necurs marked a decrease in malicious email spam but a bit later in 2016, Necurs was back once again.
While Necurs was pulled from the malware scene, there was a significant decrease in spam campaigns.

As it turned out, the botnet was down for some time because its authors were trying to make it more sophisticated. As it was frequently used, more and more security measures were able to detect and neutralize it. Last year, it became evident that the botnet can be used for a broader range of malicious operations. Researchers found out that the botnet is a modular piece of malware made of the main bot module and a userland rootkit.

Apparently, Necurs can dynamically load additional modules, too. To come to this conclusion the researchers made some quite intriguing observations. It was established that there was a command that would trigger the bot to start making HTTP or UDP requests to an arbitrary target in an endless loop. In other words, this description fits a DDoS attack.

Other Findings Include…

The McAfee report also highlights statistics about malware and ransomware distribution in general. The last quarter of last year “saw cybercriminals pivot from some of their tried-and-true methods, such as ransomware, toward newer tools and techniques, such as PowerShell malware and cryptocurrency mining”.

Other important findings include:

– New malware reaches an all-time high of 63.4 million new samples—a 10% increase over the third quarter of 2017.
– PowerShell malware grew 267% in the fourth quarter and 432% year over year—increasingly becoming a go-to toolbox for cybercriminals.
– Healthcare is a shot target with reported incidents targeting that industry increasing 211% in 2017.

Related Story: Proxy Module in Necurs Botnet Could Lead to DDoS Attack

To stay protected against malware infections, it is highly advisable to employ anti-malware protection on your system.


Malware Removal Tool

SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree