A new module has been added to Necurs, the world’s largest spam botnet, and can be used for launching DDoS attacks. The news comes from security researchers who believe the capability was added almost six months ago, and despite a Necurs yet to be attributed to a DDoS attack, if it did decide to use its bots for such an attack, the scale would be larger than anything we have seen before. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB commented below.
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:
“When observing the common motivations for DDoS attacks, the Necurs Botnet having functioning DDoS modules does not make a great deal of sense. Being focused on generating phishing revenue for hackers via Trojan infections and ransomware, most cannot imagine why hackers would include a DDoS module on Necurs botnet infected machines. If the DDoS functionality was ever used, it would likely gain the attention of law enforcement officials, primarily due to its firepower capabilities. One possible motivation was to use the botnet to sell DDoS-for-Hire services, but that seems unlikely.
“Another possible motivation could be centered around a “going down in a blaze of glory” mentality. Many hackers understand that as law enforcement gets closer to shutting down their operations, many would like to cause as much havoc as possible before they’re completely taken offline. They do this as a last ditch effort of gaining additional underground notoriety; while at the same time hoping to cover some of their tracks. Using this botnet for a massive DDoS attack could possibly accomplish both.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…