How Microsoft Dismantled the Infamous Necurs Botnet

A years-long investigation and global cooperation disrupted one of the biggest botnets ever...

Microsoft takes down largest botnet network “Necurs”

By Deeba Ahmed The heydays of the Necurs botnet seem to be over for good because Microsoft and its associates in over 35 countries have joined hands against the notorious network. This is a post from HackRead.com Read the original post: Microsoft takes down largest botnet network “Necurs”...

Necurs Botnet in Crosshairs of Global Takedown Offensive

A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...

Necurs Botnet in Crosshairs of Global Takedown Offensive

A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world’s most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 3...

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving...

Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide

Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. The latest botnet takedown was the result of a coordinated operation involving...

As Necurs Botnet Falls from Grace, Emotet Rises

A mid-January spam campaign by criminals behind the popular Necurs botnet shows a dramatic drop in skill and savvy by perpetrators. In a shift from sending sophisticated messages with lethal payloads, Necurs botnets are now peddling get-rich-quick spam messages in what researchers are calling...

Necurs Botnet Evolves to Hide in the Shadows, with New Payloads

Necurs, the prolific and globally dispersed spam and malware distribution botnet, has been spotted using a fresh hiding technique to avoid detection while quietly adding more bots to its web. According to research from Black Lotus Labs, which is telecom and ISP provider CenturyLink’s network...

Spam and phishing in Q3 2018

Quarterly highlights Personal data in spam We have often said that personal data is candy on a stick to fraudsters and must be kept safe that is, not given out on dubious websites. It can be used to gain access to accounts and in targeted attacks and ransomware campaigns. In Q3, we registered a...

Threat Actors Eyeing IQY Files To Peddle Malspam

More threat actors are pushing weaponized Excel web query IQY files to deliver malicious code – as seen in recent campaigns by several major malspam distributors. Researchers at IBM X-Force this week disclosed that both the Necurs Botnet, as well as DarkHydrus and the threat actor behind the Mara...

This Week in Security News: Banks and Botnets

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the FBI warned U.S. banks of a wide-scale cybercrime campaign called “ATM cash-out,” in which hackers use cloned ATM cards for fraudulent...

Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...

This Week in Security News: Rules and Regulation

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, House lawmakers approved legislation for securing technology used to power critical infrastructures from cyberattacks. Read on to learn more...

Creative Spam Thinks Outside the Macro with .IQY Attachments

The Necurs botnet is driving a fresh spam campaign that uses Excel Web Query .IQY file attachments to skim under the antivirus radar. If successful, the attack ultimately delivers the remote access trojan RAT known as FlawedAmmyy. This is the third wave in an offensive that started in late May. T...

A week in security (May 21 – May 27)

Last week we told you about a Mac cryptominer using XMRig, an overview of Dreamcast related scams, part 1 of decoding Emotet, and what to do about bad coding habits that die hard. We also published the results of our second CrackMe contest. Other news How a pioneer of machine learning became one ...

A week in security (April 30 – May 6)

Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity. Other news NTML credentials can be...

Internet Shortcut used in Necurs malspam campaign

The Necurs botnet continues to be one of the most prolific malicious spam distributors, with regular waves of carefully-crafted attachments that are used to download malware. The majority of malspam campaigns that we track are targeting Microsoft Office with documents containing either macros or...

Talos Quarterly Threat Briefing - Winter 2018

Date: Tuesday, February 27, 2018 Time: 1:00pm ET/10:00am PT Topic: Miners, Malspam, and Meltdowns Recording available here: Space is limited for this event, so be sure to save your spot. Following the webinar, the video will also be made available here. In this edition of the Talos Quarterly Thre...

Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day

Necurs botnet activity is spiking as scammers use the network to flood inboxes with promises of companionship, in part of a seasonal wave of Valentine’s Day-themed spam. Victims are encouraged to share revealing photos of themselves, which scammers later use as leverage in extortion shakedowns. T...

Scarab ransomware: new variant changes tactics

The Scarab ransomware was discovered in June 2017. Since then, several variants have been created and discovered in the wild. The most popular or widespread versions were distributed via the Necurs botnet and initially written in Visual C compiled. However, after unpacking, we've found that anoth...