Some spam campaigns are more persistent than others. Over the years, a disturbing number of deceptive emails have reached users, leaving them on the verge of becoming infected. One would presume that spam messages originate from various hackers, in various places and for various reasons.
However, a report from McAfee suggests that a few spammers sit at the top of the leaderboard, with activity levels far above all others. We are referring to Necurs and Gamut: these two botnets are currently the largest senders of spam in the world.
97% of all spam comes from Necurs and Gamut botnets
McAfee investigated the last three months of 2017. The purpose was clear: to find out which botnets are the most active, and which ones are slowly fading away. The full report also covers many other cyber issues, such as ransomware, crypto-miners and so on. The botnet-related results can be described as shocking: two botnets are responsible for almost all of the spam sent around the globe.
Even though Necurs and Gamut are the clear leaders, one of them is more persistent than the other. While Gamut can be credited with 37% of all spam, Necurs delivers 60%. This success for hackers is not necessarily shocking: Necurs has been one of the most active botnets around. It has been involved in the distribution of ransomware viruses and other malicious content.
What are botnets?
If you are reading this article and silently asking yourself what a botnet is, we will quickly answer this question for you. A botnet consists of a number of Internet-connected devices which have become infected and are secretly controlled by attackers. Once a computer system becomes a part of a botnet, it can be referred to as a bot. To put it in very basic terms, the computer secretly does the bidding of hackers. Usually, owners of compromised computers have no idea that they have become marionettes for hackers.
Therefore, the attacker or a group of them can remotely control all devices that are connected to the botnet. Hackers can easily send instructions from their remote server to the compromised computers (or other devices) and force them to participate in a bunch of devious scams. The more successful the botnet, the more devices it controls. Some smaller botnets can control hundreds or thousands of computers, but some big ones can infect millions.
More about Necurs and Gamut botnets
The Necurs botnet has launched one of the biggest spam campaigns in history. It has been a part of the distribution of Locky, Scarab, Diablo6 and many other infamous ransomware viruses. The botnet began taking control of devices in 2012, and from a small collection of computers, it has grown into a massive collection of remotely controlled devices. With this kind of power, hackers can do serious damage. One of the most recent objectives of Necurs was to deliver the “lonely girl” spam, pump-and-dump stock spam and Locky ransomware downloaders. While Gamut is much smaller in size, it has also delivered a fair share of job-offer-themed phishing and money mule recruitment emails.