Botnet

Necurs

First seen: 2012 • Status: disrupted

Disrupted by Law Enforcement

Necurs was a massive spam machine that sent billions of malicious emails until Microsoft and police shut it down.

Overview

Necurs was one of the largest spam botnets, distributing Locky ransomware, Dridex, and other malware. Microsoft led a takedown operation in 2020.

Also Known As

Necurs Botnet

How It Spreads

  • Spam campaigns
  • Exploit kits
  • Drive-by downloads

What It Does

  • Spam distribution
  • Ransomware delivery
  • Banking trojan distribution
  • DDoS attacks
  • Stock scams

Target Platforms

Windows

Detection Tips

  • Monitor for Necurs DGA domains
  • Check for spam bot indicators
  • Analyze email sending patterns
  • Review rootkit detection

MITRE ATT&CK Techniques

T1566, T1189, T1486, T1499

If You're Infected

  1. Necurs was disrupted - legacy infections should be cleaned
  2. Run rootkit detection tools
  3. Remove persistence mechanisms
  4. Block known Necurs infrastructure

Related Malware

Locky, Dridex, Emotet
