Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


There is link between Angler, Necurs Botnet and Lurk Arrests

Team of Cisco Talos says that, the connections go much deeper in heart of crimeware underground than the formerly considered.

It has been proved that operators of Angler exploit kit are linked to the Lurk malware, which was utilized by Russians crew. Lurk is a banking Trojan which recently robbed approximately 25-million dollars from financial institutions accounts in Russia. In June, the Government of Russia announced that around 50 hackers behind this theft were arrested.

Few of the major hacking campaigns all over the world disappeared immediately after the hackers got arrested. Komando.com posted on July 10th, 2016, stating that Necurs' botnet remains inactive for almost 3 weeks.

According to team of Cisco Talos team, all the downtimes were not accidental. Cisco says, as per the analysis of many domain names that are used by the 3 cybercrime infrastructures, it discovered a familiar link among all.

As per the company, a man using the email address john.(.)bruggink@yahoo(.)co(.)uk registers 85% of 125 C&C (command and control) servers that are used by Lurk banking Trojan. Additionally, that address is connected to back-end communication of Angler exploit kit.

The Locky and Dridex campaigns along with Angler exploit kit also vanished for some time. As per the security experts, few of the events can be related. Cisco's Talos researcher's claims that 1 common email address was found by them that is binding Lurk and Angler together.

There are links and associations of various cybercrime groups, identical to partnerships between genuine businesses. Dridex gang might have taken about 3 weeks for navigating around problems that are caused due to arrest of Lurk gang, but they somehow managed in restoring the Necurs, botnet that was historically spreading Locky and Dridex.

Bedep used it to register the command-and-control infrastructure. If Angler found sny weaknesses on a computer, it could then either install Bedep Trojan or TeslaCrypt ransomware. In other words, users either found their files sealed and held for ransom or got several other malwares on their system.

The authorities of Russia pulled out Lurk and Angler but not the Necurs, even though the authorities took down few of the servers simultaneously.

ยป SPAMfighter News - 7/14/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page