McAfee released its Labs Threats Report for Q4 2017. The report includes botnet campaign details regarding the Necurs and Gamut botnets, as well as the Dridex banking Trojan and ransomware payloads from GlobeImposter, Locky and Scarab.
An excerpt from the McAfee report:
“In Q4 2017 we found that the Necurs and Gamut botnets comprised 97% of spam botnet traffic. (See the McAfee Labs Threats Report, March 2018.) Necurs (at 60%) is currently the world’s largest spam botnet. The infected computers operate in a peer-to-peer model, with limited communication between the nodes and the control servers. Cybercriminals can rent access to the botnet to spread their own malicious campaigns.
“The most common techniques are email attachments with macros or JavaScript to download malware from different locations. In October, the Locky ransomware campaign used Microsoft’s Dynamic Data Exchange to lure victims into “updating” the attached document with data from linked files—external links that delivered the malware.”
McAfee also reported that the count of new malware in Q4 reached an all-time high of 63.4 million new samples. There was also a big increase in cryptocurrency hijacking, which coincided with the increased market popularity of digital currencies.