McAfee report: 97% of all SPAM originated from 2 botnets in Q4 2017

Nearly all worldwide received spam in the last quarter of 2017 was sent by two botnets, according to antivirus vendor McAfee in a report (PDF). The botnets are called Necurs and Gamut, and can be rented by cyber criminals to sent out Spam, phishing mails, ransomware and other types of malware.

Together, the botnets were responsible for 97% of all spam worldwide. With a market share of 60%, the Necurs botnet was the most used, followed by the Gamut botnet with a market share of 37%. Lethic, Darkmailer and unmentioned botnets each account for a market share of 1% each. According to McAfee, the Necurs botnet is currently the largest spam bot net in the world.

The botnets consist of infected computers all over the world. The botnet owners use command and control servers to assign tasks to the bots. To hide their identity they use all kinds of sophisticated methods. “The infected computers operate in a peer-to-peer model, with limited communication between the nodes and the control server,” McAfee explains.

In the last quarter of 2017, ransomware variants GlobalImposter, Locky and Scarab were distributed through the Necurs botnet. Through the Gamut botnet, emails to recruit money-mules and phishing mails were sent.