Microsoft: HUGE Botnet Network Destroyed in March 2020


Microsoft, together with partners from 35 countries, has disrupted one of the largest botnets on the planet: more than 9 million infected computers worldwide, a scale at which its dormant DDoS capability could overwhelm almost any online platform.

Microsoft and its partners took down the botnet known as Necurs after no less than eight years of monitoring and planning, an extremely long effort that was, apparently, completed successfully.

"Today, Microsoft and partners in 35 countries took coordinated legal and technical action to disrupt one of the world's most prolific botnets, called Necurs, which has infected more than nine million computers globally. The action to dismantle and disrupt the operation of the network is the result of eight years of monitoring and planning and will help prevent the criminals behind this network from using key elements of the infrastructure to carry out cyber attacks.

A botnet is a network of computers that cybercriminals have infected with malicious software (malware). Once computers are infected, criminals can control them remotely and use them to commit crimes. Microsoft's Digital Crimes Unit, BitSight and other members of the cybersecurity community first noticed the Necurs botnet in 2012 and noted that it distributed several forms of malware, including the GameOver Zeus banking trojan.

The Necurs botnet is one of the largest networks in the email spam threat ecosystem, with victims in nearly every country in the world. For example, over a 58-day period in our investigation, we observed that a computer infected with Necurs sent a total of 3.8 million spam emails to more than 40.6 million potential victims.

Necurs is believed to be operated by criminals in Russia and has been used for a wide range of crimes, including pump and dump stock scams, fake pharmaceutical spam and "Russian dating" scams. It has also been used to attack other computers on the Internet, to steal credentials for online accounts and to steal personal information and confidential data. Interestingly, the criminals behind Necurs apparently sell or rent access to infected computers to other cybercriminals as part of a botnet-for-hire service. Necurs is also known for distributing financially targeted malware and ransomware, for cryptomining, and even has a DDoS (distributed denial of service) capability which has not yet been activated but could be at any time.

On Thursday, March 5, the US District Court for the Eastern District of New York issued an order allowing Microsoft to take control of the infrastructure located in the US that Necurs uses to distribute malware and infect victims' computers. Through this legal action and a collaborative effort involving public-private partnerships around the globe, Microsoft is taking action that will prevent the cybercriminals behind Necurs from registering new Internet domains to conduct future cyberattacks.

This was achieved by analyzing a technique used by Necurs to systematically generate new domains based on an algorithm. We were then able to accurately predict over six million unique domains that would be created over the next 25 months. Microsoft has reported these domains to their respective local registries in countries around the world so that the websites can be blocked and prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and blocking the ability to register new ones, we have significantly disrupted the botnet."