Aug 15, 2018

Massive botnet suddenly shifts focus to hacking banks


The vaunted Necurs botnet — a network of millions of hacked computers that do the bidding of criminals — suddenly shifted its focus this morning: Normally it sends consumers spam email pushing pharmaceuticals and penny stocks, but now it's conducting a more targeted phishing campaign to hack into bank networks, according to new research by Cofense.

Why it matters: Necurs is one of the largest spamming operations in the world, representing 60% of spam sent from botnets. That's a large operation to pivot — and almost certainly not one to change focus without some major goal in mind.

What happened? Cofense infects its own computers with botnet malware to keep tabs on what the botnets are doing. "Until yesterday, we were seeing subjects like '67% off pills.' This morning at 7 am, it entirely changed to subjects like 'Payment advice,'" said Aaron Higbee, chief technology officer at Cofense.

  • Necurs had been sending emails to any address it could get its hands on. Now the emails were targeted to specific employees of 2700 different banks.
  • Cofense checked the LinkedIn pages of some of the would-be victims that its computers received commands to target, and found that the emails appeared to be based on current rosters of bank employees.
  • The phishing emails contained a Microsoft Publisher file laced with malicious code using a technique known as a macro. Usually, macros are used with Excel and Word files. "In all our time doing this, we've never seen a '.pub' [publisher] file used this way before," Higbee said.
  • The .pub file installs remote access software known as "FlawedAmmyy" that would give hackers a foothold on bank networks.
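
A mail-gateway style check for the attachment type described above, as an added example that is not from Cofense or the original article: it parses a raw message and flags any Publisher attachment for review. The sample messages, addresses and file names are constructed, and `application/x-mspublisher` is assumed as the MIME label a sender might attach to such a file.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Header of the OLE2 compound-file container used by legacy Office formats, .pub included.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
PUB_MIME = "application/x-mspublisher"  # assumed label; senders may also use octet-stream


def publisher_attachments(raw: bytes) -> list:
    """Return one finding per message part that looks like a Publisher document."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        reasons = []
        if name.lower().endswith(".pub"):
            reasons.append("extension")
        if part.get_content_type() == PUB_MIME:
            reasons.append("mime-type")
        if reasons:
            body = part.get_payload(decode=True) or b""
            findings.append({
                "subject": str(msg["Subject"]),
                "filename": name,
                "reasons": reasons,
                # False here means the name or type does not match the content.
                "ole2": body.startswith(OLE2_MAGIC),
            })
    return findings


def build_sample(subject, filename, data, subtype="octet-stream") -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "employee@bank.example"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Payment advice", "ADVICE.PUB", OLE2_MAGIC + b"\x00" * 24)
    for hit in publisher_attachments(sample):
        print(hit)
```

Publisher files are rare in routine business mail, so a hit is a reasonable trigger for quarantine or analyst review rather than proof of a malicious macro.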

The background: Last week, the FBI warned banks that a criminal group was planning to commit widespread ATM fraud this week, and to be on the lookout for hackers trying to manipulate bank accounts.

  • Cofense could not find a connection among the targeted banks based on size or location.

Necurs has existed since at least 2012. It is primarily known for spam, but has been used for other types of malware before, too — most famously with the "Dridex" program that stole users' bank-account credentials.
