World’s biggest botnet delivers new ransomware threat

The latest Global Threat Index from cyber security specialist Check Point reveals that the Necurs spam botnet — reckoned to be the largest in the world — is being used to distribute one of the latest ransomware threats.

During the Thanksgiving holiday in the US, Necurs sent over 12 million emails in just one morning, distributing the relatively new Scarab ransomware, first seen in June 2017.

“The re-emergence of the Necurs botnet highlights how malware that may seem to be fading away doesn’t always disappear or become any less of a threat,” says Maya Horowitz, threat intelligence group manager at Check Point. “Despite Necurs being well known to the security community, hackers are still enjoying lots of success distributing malware with this highly effective infection vehicle.”

The report also identifies the ‘most wanted’ malware. RoughTed, a malvertising program, tops the list. It can be used to attack any type of platform and operating system, and uses ad-blocker bypassing and fingerprinting to make sure it delivers the most relevant attack. In second place is Rig EK, an exploit kit first introduced in 2014. It delivers exploits for Flash, Java, Silverlight and Internet Explorer. The infection chain starts with a redirection to a landing page containing JavaScript that checks for vulnerable plug-ins and then delivers the exploit. Third is old favorite Conficker, a worm that allows remote operations and malware download controlled via a botnet.

For mobile devices, Triada, a modular backdoor for Android that grants superuser privileges to downloaded malware, is in the number one spot. In second place is Lokibot, an Android banking Trojan and information-stealer, which can also turn into ransomware that locks the phone if its admin privileges are removed. Third is LeakerLocker, Android ransomware that reads personal user data, presents it to the user and threatens to leak it online if ransom payments aren’t made.

You can find out more about the Global Threat Index on the Check Point blog.