Biggest botnet sends 12.5 MILLION emails containing ransomware. Here's how to spot one

Millions of computers are at risk of infection by a virulent spam attack that threatens to destroy your files, unless you pay a Bitcoin ransom.

The Scarab malware is being distributed by Necurs, the internet's largest email spam botnet, which has been used in a number of previous online onslaughts.

Within the first six hours of the attack 12.5 million emails had been distributed, with more than two million messages being sent out per hour at its height.

How to spot one.

The biggest giveaway of a malware email is that it is sent without being asked for, so it is best practice never to open an unsolicited attachment.

The subject line of emails in the Scarab attack suggests the image scans they contain were created using printers from a number of reputable firms.

This includes Lexmark, HP, Canon and Epson, giving the scam messages an appearance of legitimacy at first glance.

However, there may be spelling mistakes or other grammatical errors that give the game away. 

This might be in the subject line, email address or body text of the message.

Archive files, like the 7zip format used in the attack, are another warning sign of potentially dangerous content.

These types of file can be used to try and bypass detection by anti-virus scans.
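The warning signs listed above can be checked mechanically at a mail gateway or during triage of a reported message. The following is an added example, not code from the article or from Forcepoint: it flags a message whose subject claims a printer scan from one of the named brands and which carries a 7z archive, identified by its file signature as well as its extension. The sample subjects, filenames and addresses are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Printer brands the article says appear in the spoofed subject lines.
PRINTER_BRANDS = ("lexmark", "hp", "canon", "epson")
BRAND_RE = re.compile(r"\b(" + "|".join(PRINTER_BRANDS) + r")\b")
SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # first six bytes of every 7z archive


def triage(raw_bytes):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    signs = []
    if "scan" in subject and BRAND_RE.search(subject):
        signs.append("printer-scan subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check the content as well as the name: a renamed archive keeps its magic.
        if data.startswith(SEVEN_ZIP_MAGIC) or name.endswith(".7z"):
            signs.append("7z attachment: " + (name or "<unnamed>"))
    return signs


def make_sample(subject, filename, payload):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "copier@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached scan.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    fake_7z = SEVEN_ZIP_MAGIC + b"\x00\x04"  # header bytes only, no real archive
    print(triage(make_sample("Scanned from Lexmark", "scan_0001.7z", fake_7z)))
    print(triage(make_sample("Scanned from HP", "scan_0002.jpg", fake_7z)))
    print(triage(make_sample("Lunch on Friday", "menu.txt", b"soup")))
```

A message that trips both checks is a candidate for quarantine; either sign alone is weaker evidence, since genuine scan-to-email devices and legitimate 7z attachments both exist.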

Security experts from anti-virus software company Forcepoint, based in Austin, Texas, were among the first to raise the alarm.  

They found infected files were hidden in fake scanned documents which, according to the subject line of affected emails, were supposedly created using printers from a number of reputable firms.

Once an attached 7zip is downloaded and opened, the malware takes over your computer and files, threatening to erase them if the ransom isn't paid.

Top domain countries targeted in the attack are the US, UK and Australia, followed by France and Germany.

Despite its wide distribution, Scarab is detected by most anti-malware software, which means you should receive a warning about the infected files. 

Windows users unlucky enough to have been infected may be able to remove the malware by installing and running anti-malware software in safe mode, although this is not guaranteed.

Writing on the firm's blog, security researchers Ben Gibney and Roland Dela Paz said: 'The payload itself, Scarab, is a relatively new ransomware family that was discovered in June.

'Once installed it proceeds to encrypt files.

'A ransom note with the filename "If You Want To Get All Your Files Back, Please Read This.Txt" is dropped within each affected directory. This note is also automatically opened by the malware after execution.'

HOW DOES A BOTNET WORK?

A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices that are infected and controlled by a common type of malware.

Users are often unaware of a botnet infecting their system.

Once a botnet's owner is in control of your computer, they can use your machine in combination with others, over a network called a botnet, to carry out other nefarious tasks.

There are a number of common tasks executed by botnets including:

- Using your machine's power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
- Emailing spam out to millions of Internet users.
- Generating fake Internet traffic on a third-party website for financial gain.
- Replacing banner ads in your web browser specifically targeted at you.
- Showing pop-up ads designed to get you to pay for the removal of the botnet through a fake anti-spyware package.
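Because the researchers say the ransom note is dropped in each affected directory, its filename can be used to scope an infection after the fact. The following is an added example, not code from the article or from Forcepoint: it walks a directory tree, lists every directory containing the note (matched case-insensitively) and returns the earliest note modification time as a rough lower bound on when encryption began. The function name is hypothetical.

```python
import os

# Filename quoted in the article; compared case-insensitively.
RANSOM_NOTE = ("If You Want To Get All Your Files Back, "
               "Please Read This.Txt").casefold()


def find_ransom_notes(root):
    """Walk root; return (sorted affected directories, earliest note mtime or None)."""
    affected, earliest = [], None
    # onerror swallows unreadable directories so one denied folder
    # does not abort the whole sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.casefold() != RANSOM_NOTE:
                continue
            affected.append(dirpath)
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # note vanished or unreadable; directory still counts
            earliest = mtime if earliest is None else min(earliest, mtime)
    return sorted(affected), earliest


if __name__ == "__main__":
    import sys
    import time
    dirs, first = find_ransom_notes(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(dirs), "affected directories")
    if first is not None:
        print("earliest note written:", time.ctime(first))
```

Run it against a mounted copy of the disk rather than the live system where possible, so the sweep does not alter timestamps on the evidence.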

Manually scanning suspicious emails with anti-virus and anti-malware software may also reveal any hidden infections, although this is not guaranteed, particularly if the software has not been updated recently.
