Botnet behind major malware attacks goes offline
A key piece of infrastructure for two major strains of malware appears to no longer be active
Since June 1, there has been no traffic coming out of a network of hijacked computers known as Necurs. Malware known as Dridex, designed to pilfer bank accounts, and the ransomware Locky both depended on Necurs and appear to no longer be propagating.
It is unclear why the Necurs network — known as a botnet — is down. Traffic appears to have stopped around the same time 50 Russian hackers were arrested, but there is no known connection between the hackers and Necurs.
“We can only tell that the Dridex and Locky spam campaigns stopped since June 1 in our observation,” a representative of the security firm FireEye told the Motherboard website via email. “We cannot confirm how the botnet was brought down yet.”
Senators Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.) have repeatedly introduced legislation to stop botnets, most recently with the Botnet Protection Act introduced late last month.
As on previous occasions when the text of the act was introduced as an amendment to other bills, the Botnet Protection Act was met with an outcry from civil liberties groups that worry the bill authorizes government hacking and relies on outdated legislation for enforcement.
