Subscribe

Sharp decrease in spam botnet mailings

Sibahle Malinga
By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 10 May 2017
The beginning of 2017 saw a sharp drop in the number of malicious mass mailings from Necurs.
The beginning of 2017 saw a sharp drop in the number of malicious mass mailings from Necurs.

The world's largest spam botnet, Necurs, demonstrated a relative decline in its fraudulent mailshot traffic in the first quarter of 2017. The volume of spam sent from this botnet remained at an extremely low level, contributing to an overall global decrease (56%) in malware attachments of e-mail traffic.

This is according to Kaspersky Lab's "Spam and phishing in Q1 2017" report, which found the first quarter of 2017 saw a sharp decrease in the amount of e-mail spam with malicious attachments, most of which come from the Necurs botnet. The global share of spam amounted to almost 56% of Q1 e-mail traffic on average, compared to 59.9% in Q4 2016, it adds.

The Necurs botnet is malware mainly known for sending large spam volumes and contains nearly five million infected bots. It is a modular piece of malware that is composed of a main bot module and malicious software.

According to the report, in Q1, more than half of all phishing attacks targeted the financial sector, including banks (almost 26%), payment systems (over 13%) and online shops (almost 11%).

"At the beginning of 2017, we witnessed a number of changes in spam flows, including a sharp drop in the number of malicious mass mailings from the world's largest spam botnet. In 2016, Kaspersky Lab identified a sharp increase in spam with malicious attachments, primarily with encryptors. Most of this traffic came from the Necurs botnet. However, at the end of December 2016, the network practically stopped, and not just for the Christmas holidays. The botnet's spam was at a very low level for almost the entire first quarter of 2017," reveals the report.

Kaspersky researchers suspect criminals were scared off by increased hype around the encryptors and decided to suspend mass mailings. However, the research notes this decision is unlikely to result in the extinction of this attack vector.

According to Israeli-based security solutions vendor Check Point Software Technologies in its "H2 2016 Global Threat Intelligence Trends" report, global ransomware attacks doubled during the second half of 2016.

"Out of all recognised malware incidents globally, the percentage of ransomware attacks increased from 5.5% to 10.5% between July and December 2016. Thousands of new ransomware variants were observed in 2016, at the end of the year, we witnessed a change in the ransomware landscape, as it became more and more centralised, with a few significant malware families dominating the market and hitting organisations of all sizes," says Check Point.

According to Trend Micro's annual security roundup report titled: "2016 Security Roundup: A Record Year for Enterprise Threats", cyber threats reached an all-time high in 2016, with a 748% increase in new ransomware families, ultimately resulting in $1 billion in losses for enterprises worldwide.

Share