Malspam campaigns, such as ones being distributed by Necurs, are utilizing a new attachment type that is doing a good job in bypassing antivirus and mail filters. These IQY attachments are called Excel Web Query files and when opened will attempt to pull data from external sources.
Necurs, the world's largest spam botnet, with millions of infected computers under its control, has updated its arsenal and is currently utilizing a new technique to infect victims.
Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.
Necurs, the world's largest spam botnet, is currently sending millions of spam emails that push an obscure cryptocurrency named Swisscoin.
A ransomware strain known as Scarab, and detected for the first time in June, is now being pushed to millions of users via Necurs, the Internet's largest email spam botnet.
Malware families evolve on a daily basis, but some updates catch your eye more than others. Necurs has just gone through one of these "interesting" updates, according to US security firm Symantec.
A new ransomware was discovered today called Jaff ransomware. This ransomware will encrypt your files and append the .jaff extension to encrypted files. It also joins the ranks of other ransomware that steal payment site templates from Locky.
The Necurs botnet is back and active again, but instead of spreading the Locky ransomware or the Dridex banking trojan, its operators are engaged in a spam scheme that tries to boost a company's stock market price artificially.
Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March.
This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again.
For more than four weeks, the only source of Locky ransomware infections has been through spam campaigns that distributed the Kovter click-fraud malware, as the primary source of Locky infections, the Necurs botnet, has been offline for the Christmas and New Year holidays.
This was a big week for ransomware news primarily because the Necurs Botnet returned with a new campaign for the Locky ransomware. This week we also have 5 new ransomware infections, a change in the CryptXXX extension, and to end on a good note, a couple of decryptors.