Microsoft, together with partners from 35 countries, has largely dismantled the dangerous Necurs botnet. Coordinated legal and technical measures have ensured that criminals no longer have access to key components of the infrastructure of the world’s most active botnet, the Redmond-based company said.
Botnets consist of many hacked internet-connected devices. These are mainly personal computers, but also so-called smart devices such as networked home electronics. The Necurs botnet is said to have consisted of more than nine million computers. It is considered one of the largest networks for sending spam emails, for example advertising fake pharmaceuticals or Russian dating offers. A single computer infected with Necurs sent a total of 3.8 million spam emails to more than 40.6 million potential victims.
Criminals used Necurs to spread Trojans like GameOver Zeus and so-called “pump and dump” stock spam. In this scheme, the spam messages talk up certain stocks so that the share price rises in the short term. The fraudsters, who have bought the affected securities cheaply beforehand, can then sell them at a profit. The botnet can also be rented for criminal purposes.
The blow to the network was preceded by eight years of tracking the botnet and planning, according to Microsoft. For one thing, it was possible to crack the algorithm that Necurs used to continuously generate new internet addresses (domains). This made it possible to predict about six million domains that the botnet would have created in the next 25 months. These domains can then be blocked so that they can no longer become part of the botnet.
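
The prediction-and-blocking idea described above, as an added example that is not from the article or from Microsoft: once a domain generation algorithm is known to be deterministic, defenders can enumerate its future output and match DNS logs against it. The generator `toy_dga`, the TLD list, the window size and the log lines are all constructed stand-ins; this is not the Necurs algorithm.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")  # constructed list, not taken from Necurs

def toy_dga(day: date, index: int) -> str:
    """Hypothetical stand-in generator: output depends only on (date, index)."""
    digest = hashlib.sha256(f"{day.isoformat()}:{index}".encode()).digest()
    length = 10 + digest[0] % 6                      # 10..15 characters
    label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
    return f"{label}.{TLDS[digest[31] % len(TLDS)]}"

def predict_domains(start: date, days: int, per_day: int) -> set:
    """Enumerate every domain the generator will emit in the window."""
    return {toy_dga(start + timedelta(days=d), i)
            for d in range(days) for i in range(per_day)}

def flag_queries(log_lines, blocklist):
    """Return (client, domain) for each DNS query that hits the predicted set."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue                                 # skip malformed lines
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in blocklist:
            hits.append((client, qname))
    return hits

# Constructed sample data: window, volume and log lines are illustrative.
START = date(2020, 3, 1)
BLOCKLIST = predict_domains(START, days=30, per_day=8)
SAMPLE_LOG = [
    "2020-03-05T10:00:01Z 192.0.2.12 www.example.com.",
    f"2020-03-05T10:00:02Z 192.0.2.37 {toy_dga(date(2020, 3, 5), 3).upper()}.",
    "truncated-line",
]

if __name__ == "__main__":
    for client, domain in flag_queries(SAMPLE_LOG, BLOCKLIST):
        print(f"{client} queried predicted botnet domain {domain}")
```

Because the predicted set is computed ahead of time, the same list can feed a registrar block, a DNS sinkhole or a log search for already infected clients.
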
At the same time, Microsoft obtained a court order from a New York court to take over Necurs computers located in the United States. “This has enabled Microsoft to take control of the infrastructure that Necurs uses in the US to spread malware and infect victims’ computers,” Microsoft manager Tom Burt wrote in a blog post.