Spammers kill the mood on Valentine's Day

Spam from Necurs could find its way into both consumer and employee mailboxes.

Researchers from IBM X-Force have noted a huge surge from the Necurs botnet, which is flooding inboxes with promises of love in a wave of Valentine's Day spam that began in mid-January.

The infamous Necurs botnet is known to be connected to cyber criminals that spread banking Trojans, including Dridex and TrickBot, as well as ransomware, including Locky, Scarab and Jaff.

Necurs has been involved in many widespread spam campaigns and is believed to control up to six million zombie bots.

Necurs is best known for using seasonal trends to achieve its ends, and its current campaign reached more than 230 million spam messages within two weeks, with in excess of 30 million e-mails being sent out a day.

According to the researchers, Limor Kessem, Dirk Harz and Johannes Noll, this latest campaign sends short e-mail messages purportedly from Russian women living in the US. The messages come from a disposable e-mail address bearing the alleged author's name, but then ask the user to reply using another e-mail address associated with a different name.

While most spam is known for dreadful spelling and grammar, these e-mails are reasonably well worded and articulate.
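The trait described above, a sender address bearing one name while the message asks for replies at an address tied to a different name, can be checked mechanically by a mail filter. The following Python sketch is an added example, not code from IBM X-Force or from this article; the function name, the name-matching heuristic and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample messages (not real campaign mail).
SPAM_SAMPLE = """\
From: "Olga Ivanova" <olga.ivanova83@mail.example>
To: user@corp.example
Subject: Hello

Hi, I am Olga and I live in the US. Write to me at marina_k@post.example
"""

BENIGN_SAMPLE = """\
From: "Sam Lee" <sam.lee@corp.example>
To: user@corp.example
Subject: Minutes

Notes attached. Reach me at sam.lee@corp.example if anything is missing.
"""

def reply_redirects(raw_message):
    """List (address, names_differ) for each reply target that is not the sender."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    # Name tokens the sender claims: display name plus local part of the address.
    claimed = set(re.findall(r"[a-z]{3,}", f"{from_name} {from_addr.split('@')[0]}".lower()))

    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    targets = {a.lower() for a in ADDR_RE.findall(body)}
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to:
        targets.add(reply_to)
    targets.discard(from_addr)  # replying to the sender itself is normal

    results = []
    for addr in sorted(targets):
        local = addr.split("@")[0]
        # Assumption: a reply address sharing no name token with the sender is "a different name".
        names_differ = bool(claimed) and not any(tok in local for tok in claimed)
        results.append((addr, names_differ))
    return results

if __name__ == "__main__":
    for label, raw in (("spam", SPAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, reply_redirects(raw))
```

A hit with `names_differ` set is a scoring signal for quarantine or review rather than a verdict, since mailing lists and shared mailboxes also redirect replies.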

Old tricks

Spam featuring messages from apparently interested women is an old trick. These mails normally feature basic text only, and are unlikely to successfully lure many individuals.

"However, when it comes to spam, mass volume makes for a numbers game, and fraudsters only need a small percentage of recipients to reply," say the researchers.

"The threat actors behind this campaign will likely lure their victims to share revealing photos and extort them, ask for money to visit, or simply infect them with malware."

The cyber criminals behind this and other botnets have one aim: evading spam filters to get mails into inboxes. These botnets are adaptable, using a variety of methods, altering the types of spam they spread, and coming up with new ways to hide it in different file types and e-mail scams.

"As a result, spam from Necurs could find its way into both consumer and employee mailboxes. The best way to thwart these scams is to increase employee awareness about the types of malicious e-mails they should never open or respond to," the researchers note.

Prevention better than cure

"Remember that e-mail is one of the most common communication methods, and that is why it is so popular with spammers, phishers and other cyber crooks," says Simon Campbell-Young, sales director of Credence Security.

"They adopt a 'mud against the wall' approach, knowing that if they send out enough mails, a percentage is sure to 'stick'. They are also very good at piquing the interest of their targets, so don't fall for it."

He says the first rule of thumb is to stay away from unsolicited e-mail. No matter how tempting the subject line may be, if it is unsolicited, don't open it. Send it to the tech department, which will know how to report it as abuse.

Campbell-Young also advises never opening attachments or clicking on links in e-mails if you are not 100% certain they come from a legitimate source. "The majority of malware is executable, usually in an .exe or .zip file. Sometimes they will appear in a Word or Excel document too. Rather err on the side of caution."
