‘Some major malware variants show less activity after arrests’


According to security firm Symantec, several major malware variants have shown less activity in recent weeks. These include the Locky ransomware, the Necurs botnet and the banking trojan Dridex. This is said to be the result of the recent arrest of fifty hackers.

Late last week, another security researcher also noted that the Angler exploit kit had disappeared. Symantec now writes that it has come to the same conclusion. Angler was the largest and most advanced exploit kit, primarily infecting victims with ransomware through vulnerabilities in software such as Flash and Silverlight.

Symantec reports that only a few new Locky infections have been identified since the beginning of June, when Angler also disappeared. The ransomware may not be completely gone, but there has been a significant decline in activity, the company said. Dridex, which according to Symantec is distributed by the same spammers as Locky, shows the same pattern. The Dridex botnet, which consists of infected computers, is said to still exhibit activity in a few subnets here and there.

The Necurs botnet appeared to have gone inactive, but seems to be becoming active again. Symantec suspects the decline in activity is related to the arrest of 50 hackers in Russia, who are said to be linked to the so-called ‘Lurk’ group. However, according to Symantec, the fact that the activity has not completely stopped suggests that there is no direct connection. A possible explanation is that the infrastructure of the various malware variants has been affected by the arrests.
