Necurs Botnet Shifts to Pump-and-Dump Scam Spam from Ransomware-Infected Junk e-Mails
The Necurs botnet has resurfaced and is active again. However, rather than distributing the Dridex banking Trojan or Locky ransomware, it is sending spam as part of a scheme that artificially raises a company's stock price.
This kind of spam scheme is well known in the information security industry as a pump-and-dump scam. It involves sending huge volumes of spam that try to persuade people to buy the stock of a particular firm.
In January, Cisco Talos said the Necurs botnet had gone inactive, taking with it all the spam carrying Locky ransomware.
Necurs has once again been observed sending a rising volume of spam in recent days. Security researchers state that instead of spreading malware via e-mail attachments, Necurs is sending huge amounts of penny-stock pump-and-dump e-mails. Theregister.co.uk reported this on March 21, 2017.
When convinced recipients rush to buy the stock, its price surges. Once the price reaches a desired value, the operators of the Necurs botnet begin selling their shares at the inflated value, resulting in profits.
This kind of spam scheme, in use since the 1990s, chiefly targets so-called 'penny stocks': shares or securities of small firms that trade at less than $5 per share and whose prices can be moved by just a few hundred new sellers or buyers per day.
In December 2016, Necurs was used to run a similar campaign just before the botnet went inactive for an overly long period. Cisco Talos explains that Necurs' strategic shift away from malware distribution could indicate a change in how cyber-criminals are trying to use the botnet more economically.
In a thorough assessment of the Necurs botnet, Cisco Talos writes that the botnet is considered the biggest spam-sending network globally; changes in its behavior are therefore likely to have an enormous impact on the kind and amount of junk e-mail landing in users' inboxes.
However, Necurs could go back to distributing Locky, which it was already spreading, or some other ransomware family, since that means much greater profit than sending other kinds of spam.
» SPAMfighter News - 24-03-2017