Necurs Botnet

The Necurs Botnet is one of the modern botnet projects that is not used for DDoS (Distributed-Denial-of-Service) attacks exclusively. Instead, its authors are taking advantage of its features to power their massive malware propagation campaigns that rely on thousands of spam email messages that contain corrupted files and links. One of the interesting things that cybersecurity researchers noticed about one of the Necurs Botnet’s recent campaigns is that it relies on US-based servers to host and distribute the malware they chose. Often, cybercriminals tend to use hacked servers in countries where there is a reduced chance that the local government and companies will opt to co-operate with American law enforcement. Furthermore, most email services pay special attention to emails originating from locations known for malware spam, but the US-based servers used by the Necurs Botnet’s operators may bypass this security measure easily.

Of course, the Necurs Botnet’s size and abilities are used for other purposes too – it has been spotted carrying out DDoS attacks, participating in crypto-mining operations, and even serving as a flexible proxy service. Researchers say that an estimate of 570,000 devices are part of the Necurs Botnet, and the majority of them are situated in Indonesia, Vietnam, Turkey, Iran and India. Some pieces of malware that have been linked to the Necurs Botnet’s propagation campaigns are the infamous AZOrult and FlawedAmmyy.

Users whose computers are part of the Necurs Botnet may have no idea that their system is being used for harmful purposes. The only way to ensure that your computer is not participating in any shady activities without your knowledge is to use a trustworthy and regularly updated anti-virus application.