Necurs Botnet Developers Add DDoS Capabilities To Their Modular Malware

The last thing this world needs is botnets getting even more capable of causing havoc. Unfortunately, that is exactly what is happening with the Necurs botnet right now. In a recently update by the developers, this botnet malware has added a new trick to successfully execute DDoS attacks. It seems to be only a matter of time until the next global denial-of-service attack is initiated by a botnet operator.

A Big Update Makes Necurs Even More Dangerous

Up until this point, security researchers were concerned about Necurs malware delivering Locky ransomware to its victims. While that is disconcerting in its own right, the Necurs botnet developers are upping the ante once again. Their new update allows this tool to execute distributed denial-of-service attacks with relative ease once it infected a target computer. Once again, cyber criminals are stepping up their game

It is rather intriguing to note the Necurs source code was modified in September of 2016 to allow for DDoS attack capabilities. Additionally, a new proxy command-and-control communication feature was added around the same time. However, the botnet has not launched a successful DDoS attack so far, which leaves security researchers baffled. Then again, not having to deal with DDoS attacks is never a bad thing.

There are plenty of other things to worry about when it comes to Necurs, though. It is believed the malware has successfully infiltrated over one million Windows computers around the world. For now, this malware does not target Mac OS X and Linux users, although new variants may be introduced at a later date. Considering how Necurs is a modular malware, there is no limit as to what it may be capable of one year or one week from now.

To put this source code change into perspective, Necurs will make HTTP or UDP requests to any target decided upon by its creators. These requests will continue in an endless loop, which is very similar to how DDoS attacks work these days. With over 1 million infected computers at the developers’ disposal, a lot of damage can be done if someone decides to flip the proverbial switch.

It is important to keep in mind this recent change does not mean Necurs will no longer be used to distribute the Locky ransomware. After all, the malware has been most successful while doing so, and it is doubtful the developers will stop using this method anytime soon. The addition of executing DDoS attacks will only make this toolkit more popular among cybercrime gangs than before, as it is slowly evolving into a complete package to cause major havoc.

Moreover, this updated Necurs malware is capable of executing two different types of denial-of-service attacks. First of all, there is HTTPFlood, which will mainly target sites not using HTTPS. UDPFlood, on the other hand, will be used against all other targets the malware comes across. Evidently, it is only a matter of time until a major attack comes forth from this botnet, albeit it is anybody’s guess who will be targeted in the process.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.