World’s Largest Spam Botnet Adds DDoS Feature

Following the news that Necurs, the world’s largest spam botnet with nearly 5 million infected bots, of which one million active each day, has added a new module that can be used for launching DDoS attacks. Ben Herzberg, Security Research Group Manager at Imperva Incapsula commented below.

 Ben Herzberg, Security Research Group Manager at Imperva Incapsula:

Ben Herzberg“It is interesting that Necurs added a DDoS feature, but I wouldn’t be too alarmed.

Currently, IoT devices are easy prey for DDoS BotNets. At Imperva, we are seeing attempts to use IoT BotNets for things such as credential stuffing and other automated attacks, not just DDoS.  When you think about it – it’s common-sense as the attackers can monetize more out of the low hanging fruit, which in this case is the IoT devices which are easy to infect in large quantities.

On the other hand, using a good Desktop BotNet for DDoS attacks may not be a smart move. DDoS attacks are high profile, and that can lead to faster termination of BotNets.

Therefore, it seems likely that this is either a test module, or something to be used in a “doomsday scenario” – for example when the BotNet operators need it for a very good reason – not just as a normal ddos-for-hire campaign.”

In this article