One of the world’s

largets botnets today

Necurs malware overview

Modular malware mainly known for sending large spam campaigns via email


It affects mainly Asian and European countries, but with more than 1.5 million infected computers, it also has active bots across almost every continent. The current number of related bots online is about 1,350,000, but each day more users are infected.

Necurs is modular malware with a lot of features, but it is mainly known for sending large spam campaigns via email. This large botnet is actually formed by 7 smaller botnets put together using the same malware.

Blueliv’s Threat Intelligence Lab team has performed a deep and detailed malware-reversal analysis on Necurs. We have deciphered and understood its advanced ‘self-protection’ features, including:

  • Persistence
  • Injects
  • Stealth mode
  • Rewall disabling
  • Encrypted communication

We also reveal how it behaves within the network and different ways it communicates with C2 and other infected bots.

Download the report for further detail, including code lines demonstrating the work performed by Blueliv Threat Intelligence Lab engineers.

Join our Community

The Blueliv Threat Exchange Network forms part of a wider cyber threat ecosystem centered around a strong, collaborative community, and we want you to be a part of it. Come and join the fight against cybercrime.

Join the Fight