All Necurs activity stopped on June 1, down ever since

Jun 10, 2016 05:25 GMT  ·  By

The Necurs botnet, the largest malware distribution botnet known today, seems to be facing some technical problems, and the direct consequence of this downtime is a huge dip in Dridex and Locky distribution numbers.

Necurs is the collective network of computers infected with the Necurs rootkit. These bots link up with one another to form what's known as a peer-to-peer (P2P) botnet.

These botnets have a central C&C server that communicates with smaller networks, called subnets, managed by special bots called workers, which then send orders to regular bots.

All Necurs activity stopped on June 1

Instructions can vary from DDoS attacks to spam distribution, but Necurs has long been known as the source of the spam campaigns that send out wave after wave of emails carrying the Dridex banking trojan and, more recently, the Locky ransomware.

According to MalwareTech, the Necurs botnet has around 6.1 million bots, by far the largest botnet known to date.

As Proofpoint has revealed today, it appears that, starting June 1, all the activity from this botnet stopped cold.

Is Necurs down because of authorities or because of maintenance?

Researchers believe that someone has managed to sinkhole its main C&C server, something that had happened before. Maintenance operations should not be ruled out either.

"While this is not the first apparent Necurs outage we have seen, available data suggest that it involved a significant and ongoing failure of the C&C infrastructure behind the botnet," the Proofpoint team explains.

Unfortunately, this hasn't destroyed the botnet, because Necurs' P2P architecture and its use of a Domain Generation Algorithm (DGA) have always allowed the crooks to take back control of their botnet by plugging in another C&C server later on.

Permanent or temporary, what's known right now is that Dridex and Locky spam has stopped. The last time Necurs activity halted for so long was in the autumn of 2015, when a key player behind the Dridex gang was arrested in Cyprus.

[Image: Necurs botnet appears to be down]

[Image: Activity from suspected Necurs bot IPs]