Necurs, the prolific and globally dispersed spam and malware distribution botnet, has been spotted using a fresh hiding technique to avoid detection while quietly adding more bots to its web.
According to research from Black Lotus Labs, which is telecom and ISP provider CenturyLink’s network security arm, Necurs last year began implementing regular, sustained downtime segments for its command-and-control (C2) infrastructure – so that from about May of last year it was active for roughly three weeks before going quiet for two weeks, and then re-emerging again.
Most recently, the spells of downtime have elongated.
Read more…
Source: ThreatPost