McAfee botnet chart

Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.

For most of these months, Necurs, the larger of the two, spent its time churning out "lonely girl" spam lures for adult websites, pump-and-dump schemes [1, 2], and ransomware payloads. Overall, nearly two out of three spam emails sent in the last quarter of 2017 came from the infrastructure of this mammoth botnet.

Second on the list was the Gamut botnet, also built on Windows machines infected with malware that hijacks systems to send out spam. Gamut, while smaller than Necurs, had previously been more active in Q3, sending more spam than Necurs.

In Q4, Gamut activity went down, but the botnet still accounted for 37% of all email spam, compared to Necurs' 60%. Most of Gamut's email subjects were related to job offer–themed phishing and money mule recruitment (tricking people into buying products with stolen money and sending the products to crooks, or into relaying money from hijacked bank accounts to crooks' accounts).

Ransomware statistics for Q4 2017

But the report, which takes a bird's-eye view of the malware scene in Q4 2017, also shines a light on the ransomware scene. McAfee says that the numbers of both desktop and mobile ransomware were up in late 2017, by 35% in Q4 and by 59% for the year.

On the desktop side, the security firm says that a big contributor to the growth of ransomware detections was the Ransom:Win32/Genasom family, a generic term that has been used for CryptoMix variants.

On the mobile scene, the number of new mobile ransomware families went down, but the number of infections continued to grow. However, this part of the McAfee report is questionable, as a similar report from ESET said that mobile ransomware went down, not up, in 2017.

McAfee ransomware charts

Other malware statistics for Q4 2017

As for other malware trends, the McAfee Labs Threats Report for Q4 2017 contains the following findings:

✹  The number of new malware strains grew by 35%
✹  The total number of malware detections grew by 35%
✹  Waboot malware was the most detected threat of Q4 2017
✹  Mac malware grew by 24% in Q4 and 243% for the year
✹  Flashback (infostealer) and Longage (RAT) were the most prevalent Mac threats in Q4 2017
✹  JavaScript-based malware grew by 9%
✹  PowerShell malware more than tripled, growing by 267%
✹  Macro malware increased by 53% in Q4 but declined by 35% in 2017
✹  Faceliker malware continued to grow after initial detection