Microsoft cripples ‘biggest ever’ zombie bot network

Necurs bot network infected over nine million computers worldwide


Microsoft has announced it was part of a coordinated effort to take down the prolific Necurs botnet.

The software giant and partners across 35 countries cracked the Necurs domain generation algorithm (DGA), the routine the malware uses to compute the command-and-control domains it will contact next. Knowing the algorithm let the coalition predict those domains and prevent their registration before the operators could use them in future attacks.

First identified in 2012, the Necurs network is one of the most potent malware botnets to date, reportedly infecting over nine million devices worldwide.

Once a device is infected, it can be used by criminals to distribute several forms of malware via spam email. During its investigation, which Microsoft says spanned eight years, the company observed one infected computer send out 3.8 million spam emails in just 58 days.

Necurs is reportedly operated by a Russian hacking syndicate, which sells or rents access to infected devices to other cybercriminals as a botnet-as-a-service style offering.

The botnet has been used to execute a wide range of crimes, including pump-and-dump stock scams, credential theft, and financially targeted ransomware.

Necurs's operators register the domains its DGA generates many weeks, even months, in advance, which opened the door to Microsoft and its partners: because the DGA is deterministic, anyone who has reverse engineered the algorithm and its inputs can compute the same domains before the operators get to them.
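To make the prediction step concrete, here is an added toy example written for this article; it is not the Necurs DGA and none of its parameters (the epoch, the 4-day window, five domains per window, the TLD list, the seed, the SHA-256 construction) come from the real malware, they are assumptions chosen to illustrate how a date-driven DGA works and why knowing the algorithm lets a defender enumerate future domains and sort them into "already registered by the operator" and "still free to block at the registry".

```python
import datetime
import hashlib
import re

# Every value below is an assumption for this illustration, not a Necurs parameter.
EPOCH = datetime.date(2020, 1, 1)   # assumed reference date the window counter starts from
PERIOD_DAYS = 4                      # assumed: one batch of domains per 4-day window
DOMAINS_PER_PERIOD = 5               # assumed batch size
TLDS = ("com", "net", "biz")         # assumed TLD list
SEED = b"example-seed"               # assumed secret recovered by reverse engineering a sample

LABEL_RE = re.compile(r"^[a-z]{8,15}\.(com|net|biz)$")


def period_index(day):
    """Which DGA window a calendar day falls into (assumed 4-day windows)."""
    return (day - EPOCH).days // PERIOD_DAYS


def generate_domains(day, seed=SEED):
    """Domains the toy bot would try on `day`. Same inputs give the same output,
    which is exactly what lets a defender who knows seed and algorithm run it early."""
    idx = period_index(day)
    domains = []
    for n in range(DOMAINS_PER_PERIOD):
        material = seed + idx.to_bytes(4, "big", signed=True) + n.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        length = 8 + digest[0] % 8                               # label length 8..15
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def predict_domains(start, days, seed=SEED):
    """Enumerate every domain the bots will use from `start` for `days` days,
    mapping each to the first day it becomes active. This is the list a coalition
    would hand to registries so the names can be blocked ahead of time."""
    first_seen = {}
    for offset in range(days):
        day = start + datetime.timedelta(days=offset)
        for dom in generate_domains(day, seed):
            first_seen.setdefault(dom, day)
    return first_seen


def triage_predictions(predicted, already_registered):
    """Split predicted domains into those the operators have already registered
    (candidates for seizure or sinkholing) and those still free (candidates for
    preemptive blocking at the registry)."""
    taken = {d for d in predicted if d in already_registered}
    free = set(predicted) - taken
    return taken, free


if __name__ == "__main__":
    horizon = predict_domains(datetime.date(2020, 3, 10), 25 * 30)  # roughly 25 months ahead
    # Constructed WHOIS-style snapshot: pretend the operators pre-registered the first two.
    registered = set(list(horizon)[:2]) | {"unrelated-legit-site.com"}
    taken, free = triage_predictions(horizon, registered)
    print(f"{len(horizon)} domains predicted, {len(taken)} already registered, {len(free)} free to block")
```

The detail that matters operationally is that nothing in `generate_domains` depends on anything the bot learns at run time: the seed is fixed in the binary and the only variable input is the date, so the defender's copy of the algorithm and the bot's copy agree for every future window. A real DGA analysis also has to confirm the time source the sample uses (system clock versus a date fetched from the network), since a wrong assumption there shifts every predicted window.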

“We were able to predict over six million unique domains that would be created in the next 25 months,” said Tom Burt, Microsoft Corporate Vice President - Customer Security & Trust, in a blog post.

“Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure.”

“By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet,” he added.

Having seized control of existing Necurs infrastructure, the company and its partners were able to cripple the botnet and build a comprehensive map of infected devices.

Microsoft says it is in the process of notifying affected individuals so they can take steps to remove the malware from their device.

Via BBC

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
