The use of the Necurs botnet to spread Scarab ransomware over the Thanksgiving holiday helped propel Necurs up several places on Check Point’s Ten Most Wanted Malware list for November.
2. Rig EK
Necurs pushed out a total of 12 million malicious emails in one morning in late November Check Point reported helping move it from tenth to eight place for the month. The botnet’s use as a distributor for Locky and Globemaster helped it stay relevant, but the fact that Necurs managed to regain some strength as a favored botnet was no surprise to Check Point researchers.
“The re-emergence of the Necurs botnet highlights how malware that may seem to be fading away, doesn’t always disappear or become any less of a threat. Despite Necurs being well known to the security community, hackers are still enjoying lots of success distributing malware with this highly effective infection vehicle,” the Check Point research team wrote.
Necurs was one of many malware types making a move in November. While the top of the list remained dominated by the RoughTed malvertising campaign, Rig EK, Conficker and Ramnit all moved up the list, while Fireball and Pushdo maintained their positions. Locky, number two in October, fell down to tenth place, while Zeus slipped a few places to ninth in November.
Nivdort, a multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware appeared in November at number seven.