A cybersecurity firm has revealed it has blocked as many as 47 million emails per day spewed by the Necurs Botnet during the holiday season.
Necurs is a for-rent botnet that has, over the years, been used for DDoS attacks, pump-n-dump stock spam, distribution of malware created by professional cybercriminal gangs, and more. The botnet is said to control up to 65 million compromised machines in total, with 1-2 million active at any given time.
It utilizes a kernel-mode driver to create a backdoor allowing remote access and control of the infected computer. This allows the operators to download malware, hide components from detection, and stop security applications from functioning properly.
On December 19, the firm's filters stopped a total of 45,976,814 malicious emails sent by the botnet. At peak traffic, filters caught a mammoth 4.6 million emails per hour, all of which were 7zip files containing malicious Visual Basic scripts.
The researchers hypothesized that operators behind the ransomware campaign could have been testing and/or monitoring the rate of infections before realizing that most of their targets were away on vacation.