Microsoft disables one of the largest botnets in the world

As Microsoft announced, the company, together with partners from 35 countries, has managed to disable the Necurs botnet. A combination of technical and legal measures has largely destroyed one of the most active bot networks in the world.

The main blow to the Necurs botnet is of a technical nature. In cooperation with security experts from all over the world, the company was able to crack the algorithm with which Necurs could continuously generate new domains. Microsoft and its partners were able to precisely predict around six million domains that Necurs would have generated in the following 25 months.

Microsoft hacks the main botnet algorithm

After the algorithm had been cracked, Microsoft was able to report the domains that would be generated to the national registration authorities. The registrars then blocked the domains in their systems so that they could not become part of the Necurs botnet. The company also managed to get a US district court to issue an order that allowed Microsoft to take control of the infrastructure insofar as it was located on American soil.
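How predicting a domain generation algorithm's output helps defenders, as an added example that is not from the article or from Microsoft: `toy_dga` is a constructed stand-in and not the Necurs algorithm, and the log format, IP addresses and dates are made up. It enumerates the domains for a time window in advance, as a list that could be handed to registries, and uses the same list to flag clients that look those domains up in resolver logs.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")  # constructed TLD list


def toy_dga(day, index):
    """Constructed stand-in for a date-seeded DGA; NOT the Necurs algorithm."""
    digest = hashlib.sha256(f"{day.isoformat()}:{index}".encode()).hexdigest()
    label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
    tld = TLDS[int(digest[12:14], 16) % len(TLDS)]
    return f"{label}.{tld}"


def predict_domains(start, days, per_day):
    """Enumerate every domain the generator will emit in the window."""
    return {toy_dga(start + timedelta(days=d), i)
            for d in range(days) for i in range(per_day)}


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def flag_infected_hosts(log_lines, predicted):
    """Map client IP -> sorted list of predicted domains it queried."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _ts, client, qname = parts
        name = normalize(qname)
        if name in predicted:
            hits.setdefault(client, set()).add(name)
    return {client: sorted(names) for client, names in hits.items()}


# Constructed resolver log, format "<timestamp> <client> <qname>"
BEACON = toy_dga(date(2020, 3, 11), 2)
SAMPLE_LOG = [
    "2020-03-11T08:00:01Z 10.0.0.5 www.example.org.",
    f"2020-03-11T08:00:07Z 10.0.0.23 {BEACON.upper()}.",
    "2020-03-11T08:00:09Z 10.0.0.5 mail.example.com",
    "malformed line",
]

if __name__ == "__main__":
    predicted = predict_domains(date(2020, 3, 10), days=3, per_day=5)
    print(len(predicted), "domains predicted")
    print(flag_infected_hosts(SAMPLE_LOG, predicted))
```

Because the generator is deterministic, the predicted set is the same wherever it is computed, which is what lets a blocklist be distributed before any of the domains go live.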

With that, the Necurs botnet is largely at an end, as Microsoft writes in its security blog. The criminal actors no longer had access, at least to important key areas of the botnet.

Success was preceded by around eight years of global investigative work. The Necurs botnet, which recently comprised more than nine million infected computers worldwide, was first noticed in 2010. Since 2012, the Microsoft Digital Crimes Unit has been monitoring the botnet's activities with the support of other partners. This established that it spread malware, and how.

What Necurs was used for

It didn't stop there. Rather, Necurs was subsequently used for the entire range of botnet crime, including the spread of Trojans and stock scams. The portfolio also included the classic sending of spam emails about counterfeit pharmaceutical products and Russian dating offers. Microsoft illustrates the extent with an example: a single observed, infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims around the world in 58 days.

In addition, the criminals used Necurs for crypto mining, ransomware distribution and financial fraud. According to Microsoft, a function for carrying out DDoS (Distributed Denial of Service) attacks, in which targeted servers are overloaded and thus knocked offline, was available but has not yet been activated. The criminals are also said to have rented out access to their botnet as a botnet-for-hire. This allowed other cybercriminals to use the capacity of the 9 million device network for their own purposes.

Focus on removing the botnet from end devices

Microsoft suspects that the operators of the Necurs botnet are in Russia. So far, however, there are no further details.

The company is currently working with Internet service providers worldwide to help affected computer users remove the botnet from their devices.

If you are concerned that your Windows computer is infected with malware, Microsoft recommends that you use the Microsoft Safety Scanner.