Not only are Necurs malware infections extremely difficult to detect, but infected devices may also suffer compromised security and information theft, and/or become more vulnerable to other types of malware infections.
According to various estimates, Mamba controls about 85% of the market. Mamba is the number one Russian online dating service, which cooperates with major portals including Mail. The company’s database holds over 18.6 million registered users, over 40% of whom are active.
The business model is centered on the “pay as you go” principle: users are more inclined to pay for additional instant low-cost services than for a bigger monthly subscription.
The company’s billing system is one of the largest in the world, with more than 40 possible ways to pay for Mamba’s services.
As such, organizations and individuals alike should strongly consider the following recommended mitigation tactics in order to help reduce their risk:
• Block and restrict possible network activities associated with the Necurs dating affiliate domains (listed below).
• Never loan money nor give out personal information to anyone whom you have not met in person
• Use only trusted, well-known online dating sites

Indicators of compromise (IOCs) are associated with the following domains:

Paul is a Senior Analyst at Flashpoint with over 15 years of experience in the threat intelligence and information security arena.

In mid-April 2017, one particular Necurs botnet associated with Domain Generation Algorithm (DGA) seed “5” began distributing dating affiliate scam emails. Also referred to as “lures,” these emails prompt the user to complete a registration form, after which point they receive information from USSR-Star[.]com, a Russian dating website known to target men in the Western Hemisphere seeking companionship. However, as the Necurs source code and its ownership remain closely guarded by the administrator, the service is typically only available to heavily vetted elite cybercriminals.

Dating Affiliate Scams
Dating affiliate scams are an extremely common spam tactic that enables cybercriminals to steal money from unsuspecting individuals by luring them into fake dating websites. They also currently offer an IP-based feedback loop.