World's Largest Spam Botnet Adds DDoS Feature

An anonymous reader writes from a report via BleepingComputer: Necurs, the world's largest spam botnet with nearly five million infected bots, of which one million are active each day, has added a new module that can be used for launching DDoS attacks. The sheer size of the Necurs botnet, even in its worst days, dwarfs all of today's IoT botnets. The largest IoT botnet ever observed was Mirai Botnet #14 that managed to rack up around 400,000 bots towards the end of 2016 (albeit the owner of that botnet has now been arrested). If this new feature were to ever be used, a Necurs DDoS attack would easily break every DDoS record there is. Fortunately, no such attack has been seen until now. Until now, the Necurs botnet has been seen spreading the Dridex banking trojan and the Locky ransomware. According to industry experts, there's a low chance we'd see the Necurs botnet engage in DDoS attacks because the criminal group behind the botnet is already making too much money to risk exposing their full infrastructure in DDoS attacks.

TIme to

BAN the BOTS!

Doesn't make any sense

Doesn't make any sense. Why would they go into DDoSing? These guys are making millions just from spam and ransomware. Isn't that enough?

Re:Doesn't make any sense

What, did I miss a rule somewhere that says non-criminal enterprises have a monopoly on greed?

5mil?

I don't believe there's a botnet of 5 million bots. Are there so many idiots?

Re:5mil?

You're one of them. Idiots, not bots, I mean.

Re:5mil?

[DonaId+Trump]

There are 5 million illegal bots, and they all voted for me, believe me!

Re: 5mil?

[gnuhost]

Butthurt much?

Re: 5mil?

Whose? Yours?

Re:5mil?

[realdonaldtrump]

Please remove this statement before we commence legal action.

Is there a test to see if your device is infected?

How is someone going to know they have this botnet infection?

Stupidity

[rtb61]

Refusal by the US and EU to engage with Russian law enforcement, in order to forment the appearance of conflict, in the insane attempt to sell more guns and bullets for no other reason than insensate greed, blocks the ability to mutually cooperate to end the problem, fucking morons.

Re:Stupidity

[Ploulack]

Probably that. And Putin's support of Assad with his and his father's 100.000s+ political kills. Or Ukraine meddling...but not too worry, real-politik is coming back.

Re:Stupidity

Yeah you're right, let's help the Russian government go after "the real criminals" ... I nominate you for ambassador.

Re:Stupidity

[DonaId+Trump]

FAKE NEWS! We're engaged bigly with Russian law enforcement. All I have to do is give them a name, and that guy has a heart attack the next day. It's tremendous, folks!

Re:Is there a test to see if your device is infect

You're one of them. Bots, not idiots, I mean.

Contradictory

[manu0601]

Why would they bother deploying a DDoS component if they did not intend to use it?

Perhaps they look after small DDoS against individuals, to gain advantage in network games, for instance. Or perhaps they are ready to split the botnet and resell parts to other actors that are interested in massive DDoS.

Re: Contradictory

Could be for self defense. Someone scanning the botnet might be in for a nasty record setting DDoS surprise.

Yet another botnet I have to stall?

See my subject: After all, what's in my p.s. below did that to ~10 botnets in 10 days time not long ago https://news.slashdot.org/comments.pl?sid=10020701&cid=53529963/

* Courtesy of "yours truly", gratis, using what you already NATIVELY have that stops the ability to get them in the 1st place & to stall their communique for coordination talking back to their C&C servers!

APK

P.S.=> For more speed, security, reliability & anonymity online doing MORE for FAR LESS vs. ANY single "so-called 'security solution'" that SLOWS YOU DOWN (hosts speed you up 2 ways)? To quote Mad Max in "The Road Warrior"?

"YOU TALK TO ME" & use APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk

Re:Yet another botnet I have to stall?

Looky, it's the spammer who offers to protect us from botnets. *laughter*

I'd do it too

This is how I read these articles: Putin wants to DDoS someone

Looky, it's an unidentifiable anonymous worm

See my subject: Who's ashamed of his real name & uses unidentifiable ac posts or multiple sockpuppets to harass me cuz he's butthurt I've blown his ass away so many times on hosts files' efficacy all he has is acting like a petulant child!

* LMAO!

(You're no man - a REAL man stands behind his words & you don't...)

APK

P.S.=> Truer words were NEVER SPOKEN on /. than those I just wrote now - & you know it, dying your 1,000 deaths of a TRUE COWARD every single day, you jealous little "ne'er-do-well" w/ no real skills in computing who is welcome to do a better program than mine (but you can't as you're just an unskilled MENIAL @ most)... apk

Re:Looky, it's an unidentifiable anonymous worm

Right below the subject, I see the name "Anonymous Coward", so... why do you use unidentifiable ac posts to call people out for making unidentifiable ac posts?

Read illiterate dolt (I sign MY posts)

See subject: I stand behind my words & work (which you have zero to show for yourself) unlike you, worm.

* I see you downmoderate my posts too!

I just repost (NO LIMITS here on that either, unlike a LIMITED in skills DOLT like yourself) & nullify that too!

(Clue: There is NO WAY you can outthink, outsmart or outdo me, get it?) ... & I'm FAR from afraid to show who I am + what I am capable of achieving that does users right in APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ the likes of which a LIMITED MENIAL DOLT like yourself cannot achieve (& you know it) or get the better of me on technically!

APK

P.S.=> What's it like KNOWING you wasted your pitiful life trolling instead of doing good things as I have? You act like a bitch w/ NO balls (due to being a fatherless bastard raised by women, hence why you're no man)... apk

Re:Read illiterate dolt (I sign MY posts)

Translation: Alexander Peter Kowalski (aka "APK" and "AlecStaar") has been getting banned from forums for spamming the same piece of shitware for nearly 20 years, trying to bullshit people regarding to his level of technical expertise, and then viciously attacking those who call him out on these things.

He also harassed people by email for a while until he made the unpleasant discovery that forging the return address didn't protect him nearly as well as he thought it would.

He started a major crapflooding campaign here on Slashdot a few years ago, trying to run several prominent long-time members off the site, as part of which he kept replying to himself, and then to his own replies, and then to those replies, and so on, and so on, until he'd posted so many levels deep that he (apparently) fucked up the database, nuking those accounts' posting histories in the process. It's very largely thanks to him that we now have all the posting limits with timers and such.

He tries to goad people into doing things that he later tries to claim (minus all the relevant context, naturally) started as attacks on him. This worked with Jeremy Reimer and some other people, but did not work with those who were smart enough to see through him including a number of Slashdotters who did a little digging and discovered his colourful history on Ars Technica and some other sites. One of them even discovered where he'd posted his home address and phone number on several sites asking people to send him money for his crapware, and sent him a little present in the mail all the way from Norway to let him know just how well using multiple ISP accounts and hiding behind proxies was working for him after he'd in essence doxxed himself.

He's been caught out numerous times sockpuppeteering (and doing a pretty shitty and obvious job of it), which is why he's so quick to accuse anyone who disagrees with him or downmods him of being a sockpuppet of everyone else who ever has.

He has (or had at one time) a /. account, but it got modded down so many times for spamming that it was posting at -1 by default within a few weeks of its creation. This is why he makes such a big deal about "signing" his AC posts, BTW, because at least that way he starts at 0.

Oh, and it really does appear, as nearly as I've been able to tell, that he lives in his mother's basement.

But don't just take the word of some random AC for any of this. Do a little research and you'll find out what I (and many others) have for yourself.

HAND.

Dear Mr. No Balls unidentifiable punk

See my subject: You're a fatherless little bastard. It explains why you act WORSE than a bitch (because that's what raised you).

* You also have NO TALENT & can't do things someone like I can either - prove otherwise. You & "your kind" (whimps/worms) can't.

(Of course, that'd mean you have to come out from under your "cover" of UNIDENTIFIABLE anonymous posting - & a PUSSY worm like YOU doesn't have the BALLS to do that, because you're worthless (& you KNOW it)).

APK

P.S.=> I pity a little piece of shit like you & yes, I also LMAO @ YOU too - I know what you are is why... apk

CNN "fakenews" arstechnica? LMAO!

y'd Pres. Trump BAN CNN from the whitehouse recently? They're shit. So is ars (see ps below).

I'm no sockpuppeteer. I don't use accts here (you project you sockpuppet & unidentifiably troll me).

I also own my own home fully paid off stupid. Do you? Doubt it.

There's also NO WAY I could have spoken of THIS program anywhere else as I didn't release it until 2012 as APK Hosts File Engine stupid!

You're a punk with NO BALLS & stalk me nigh constantly here using UNIDENTIFIABLE anonymous posts.

It tells me you DID use 1 of your doubtless MANY sockpuppets FAKE NAMES for your FAKE LIFE & I crushed you & I'd just toss that back in your whimp face...

APK

P.S.=> Arstechnica SLIMEBALLS? I CRUSHED 'em outta their private playpen - Jeremy Reimer & fat Jay Little - both had their servers removed by their hosting providers for email harassing me & putting up death threats... apk