An important piece of infrastructure for two major strains of malware appears to be inactive.
Since June 1, there has been no traffic coming out of a network of hijacked computers known as “Necurs.” Malware known as Dridex, designed to pilfer bank accounts, and the ransomware Locky both depended on Necurs and appear to no longer be propagating.
It is unclear why the Necurs network — known as a botnet — went down. Traffic appears to have stopped around the same time 50 Russian hackers were arrested, but there is no known connection between the hackers and Necurs.
“We can only tell that the Dridex and Locky spam campaigns stopped since June 1 in our observation,” a spokesperson of the security firm FireEye told the Motherboard website via email. “We cannot confirm how the botnet was brought down yet.”
Sens. Lindsey Graham (R-S.C.) and Sheldon Whitehouse (D-R.I.) have repeatedly introduced legislation to stop botnets, most recently with the Botnet Protection Act introduced late last month.
The measure, which has been introduced as an amendment to other bills in the past, was again met with an outcry from civil liberties groups that worry the bill authorizes government hacking and relies on outdated legislation for enforcement.