Spam is back in a big way – levels that have not been seen since 201o in fact. That’s according to a blog post today form Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet, stated the blog’s author Jaeson Schultz.
“Many of the host IPs sending Necurs' spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two to three weeks. This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again. At Talos, we see this pattern over, and over again for many Necurs-affiliated IPs,” he wrote.