Necurs Botnet

The Necurs Botnet is an extensive network of servers that are used to deliver malware to compromised machines. The Necurs Botnet is run like a legitimate business, and its operators offer a robust data deployment infrastructure to other malware actors. The Necurs Botnet is run by a group that hosts the servers on US soil, but the hosting is located in states that can't be described as cooperative to the federal court’s system particularly. Computer security researchers note that the Necurs Botnet generates Web traffic to many countries across the globe and it can even bypass region restrictions.

The Necurs Botnet is observed to deploy various harmful programs on demand, and we can only speculate on the revenue it might be generating. Web traffic analysis revealed that the Necurs Botnet is used to push three Information Grabbing Trojan types, five families of banking malware, and handle the distribution of at least two ransomware families. The most notable strains noticed by researches include the Dridex Banking Trojan many versions of the GandCrab Ransomware and implementations of the Neutrino Exploit Kit. The portfolio of the Necurs Botnet is supplemented by support for dozens of phishing pages and fake Adobe Flash Player updates that may deliver Potentially Unwanted Programs (PUPs) to users. Most of the Trojan Droppers and weaponized Microsoft Word files associated with the Necurs Botnet rely on macro scripts to connect to download servers and drop the proper payload onto systems.

We recommend server administrators and regular PC users to update their protection solution regularly, as well as their Internet-facing applications. The Necurs Botnet may be used to scan for vulnerable routers and IoT devices, and you should make sure to use the latest firmware for your hardware. You should seek help from a computer technician if you can't close network ports on your router and have trouble protecting your home IoT network.