Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.
For most of these months, Necurs has spent its time churning out "lonely girl" spam lures for adult websites, pump-and-dump schemes [1, 2], and delivering ransomware payloads. Overall, nearly two out of three spam emails sent in the last quarter of 2017 were sent from the infrastructure of this mammoth botnet.
Second on the list was the Gamut botnet, also built on Windows machines infected with malware that hijacks systems to send out spam. Gamut, while smaller in size when compared to Necurs, had previously been more active in Q3, sending more spam than Necurs.
In Q4, Gamut activity went down, but the botnet still accounted for 37% of all email spam, compared to Necurs' 60%. Most of Gamut's email subjects were related to job offer–themed phishing and money mule recruitment (tricking people into buying products with stolen money and sending the products to crooks, or into relaying money from hijacked bank accounts to crooks' accounts).
But the report, which takes an eagle-eye view of the malware scene in Q4 2017, also shines a light on the ransomware scene. McAfee says that the numbers of both desktop and mobile ransomware were up in late 2017, by 35% in Q4 and by 59% for the year.
On the desktop side, the security firm says that a big contributor to the growth of ransomware detections was the Ransom:Win32/Genasom family, a generic term that has been used for CryptoMix variants.
On the mobile scene, the number of new mobile ransomware families went down, but the number of infections continued to grow. But this part of the McAfee report is questionable, as another similar report from ESET said that mobile ransomware went down, not up, in 2017.
As for other malware trends, the McAfee Labs Threats Report for Q4 2017 contains the following findings: