Result – Dridex and Locky spam campaigns have mysteriously stopped!
Security researchers have recently reported a steep drop in the traffic of the two most popular malware pieces – Dridex and Locky. This is probably related to the mysterious disappearance of one of the largest criminal botnets in the world – Necurs. Without any warning signs, the massive collection of zombie computers that were used to launch cyber-attacks has vanished into thin air – and out of the online space.
According to the observations, the Dridex and Locky spam campaigns, which had been very active until now, have been stopped since the beginning of June. There is still no evidence or information about how exactly the botnet was knocked down.
The two malware threats, which relied the most on the fallen Necurs botnet, have also dropped in traffic. The malicious script known as Dridex is a malware threat mostly to bankers and is used to perform bank account theft by withdrawing money from unsuspecting victims' accounts. Locky, on the other hand, is a well-known and widespread cryptovirus that belongs to the ransomware family. It is extremely notorious because it encrypts the victims' files with a strong algorithm and holds them hostage until the victims pay a fat ransom in the form of cryptocurrency.
It is not really clear what will happen with these two malware threats now that their botnet structure appears to have gone offline. The good news is that a huge decrease in malicious traffic has been observed since the Necurs botnet went away. No new botnet control servers that hackers could use to direct and monitor their attacks have appeared so far. Could this mean that these extremely dangerous threats will disappear? Necurs was known as the world's largest botnet. However, why exactly it disappeared remains a mystery for now, and we sincerely hope nothing will emerge from its grave.