Microsoft disrupts a botnet that infected 9 million computers

Published By: Lyndsey Creamer

Published On: March 30, 2020

This month, Microsoft and partners from 35 countries took steps to disrupt a botnet behind the world’s largest cybercrime network. The botnet, Necurs, has infected an estimated nine million computers worldwide, and it’s one of the largest spam email networks, generating as many as 3.8 million spam emails in a two-month period.

To disrupt Necurs, Microsoft analyzed a technique the botnet used to generate new domains through an algorithm. It then predicted over six million domains that would be created in the next 25 months and reported these to registries around the world so that they could be blocked, preventing future attacks.

The action, Microsoft says, is the result of eight years of planning. Microsoft and its cyber crime-fighting cohorts first observed Necurs in 2012 and have seen it distribute malware like GameOver Zeus, which authorities squashed in 2014. It’s likely been involved in stock scams, fake pharmaceutical spam emails and “Russian dating” scams, and authorities believe it’s operated by Russia-based cybercriminals.

Earlier this week, a US District Court issued an order that allowed Microsoft to take control of the US-based Necurs infrastructure. In addition to blocking new domains from being registered, Microsoft is working with internet service providers (ISPs) to help remove Necurs malware from their customers’ computers.

This article was written by Christine Fisher and originally appeared in Engadget.
