A new module has been added to Necurs, the world’s largest spam botnet, and can be used for launching DDoS attacks. The news comes from security researchers who believe the capability was added almost six months ago, and despite a Necurs yet to be attributed to a DDoS attack, if it did decide to use its bots for such an attack, the scale would be larger than anything we have seen before. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB commented below.
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:
“When observing the common motivations for DDoS attacks, the Necurs Botnet having functioning DDoS modules does not make a great deal of sense. Being focused on generating phishing revenue for hackers via Trojan infections and ransomware, most cannot imagine why hackers would include a DDoS module on Necurs botnet infected machines. If the DDoS functionality was ever used, it would likely gain the attention of law enforcement officials, primarily due to its firepower capabilities. One possible motivation was to use the botnet to sell DDoS-for-Hire services, but that seems unlikely.
“Another possible motivation could be centered around a “going down in a blaze of glory” mentality. Many hackers understand that as law enforcement gets closer to shutting down their operations, many would like to cause as much havoc as possible before they’re completely taken offline. They do this as a last ditch effort of gaining additional underground notoriety; while at the same time hoping to cover some of their tracks. Using this botnet for a massive DDoS attack could possibly accomplish both.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
“First of all, it should be praised that Ferrari have…
These findings aren’t very surprising given that unpatched zero-days provide…
These figures from Mandiant highlight how attackers are continuing to…
Just one week after the Zoll Medical data breach that…
Independent Living Systems (ILS), a Miami-based healthcare software firm providing…