The world’s largest botnet, Necurs seen to be using new evasion techniques

Target: Worldwide

Attack Vector: A 2 stage download from a remote server

Summary: The latest spam distribution campaign by the world’s largest botnet Necurs, sees a number of different evasion techniques implemented by the authors, the main being an evolved download method for the final malware payload. The malware now implements a 2 step download method for the new final payload.

Risk assessment summary: This threat is assessed at 3d MODERATE. With these new evasion techniques, the risk of infection is raised as anti-virus software are less likely to discover new and unknown variants of Necurs and any other malware it may be downloading.

The risk is also heightened as the malware the botnet drops is constantly changing, dependent on what the authors want to use the victims’ devices for.