Internet related News · 2020-03-11

Microsoft, partners crack down on Russian botnet network – News


In one of the biggest crackdowns against spam & botnets, Microsoft, in tandem with partners in 35 countries, has initiated “legal & technical steps” to disrupt Necurs, one of the world’s most prolific botnets, which had infected over 9 million computers globally.

This was a result of 8 years of tracking & planning, said Microsoft in an announcement, adding that its action would now ensure that the criminals behind this network were unable to use key elements of its infrastructure to execute cyberattacks.

Calling the Necurs botnet one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world, Microsoft said that during a 58-day investigation, it had found that one Necurs-infected computer had sent a total of 3.8 million spam emails to over 40.6 million potential victims.

Believed to be operated by Russia-based criminals, the botnet in question had been used for a wide range of crimes, including pump-and-dump stock scams, fake pharmaceutical spam email & “Russian dating” scams. It was also used to attack other computers on the Internet, steal credentials for online accounts, & steal people’s personal information & confidential data.

Interestingly, it seems the criminals behind Necurs were selling or renting access to the infected computers to other cybercriminals as part of a botnet-for-hire service. Necurs was also known for distributing financially targeted malware and ransomware, cryptomining, & even had a DDoS (distributed denial of service) capability that had not yet been activated but could be activated at any moment.

Microsoft’s Digital Crimes Unit, BitSight & others in the security community had first observed the Necurs botnet in 2012, & had even seen it distribute several forms of malware, including the GameOver Zeus banking trojan.

A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control such computers remotely, & use them to commit crimes.

Microsoft said that on March 5, the US District Court for the Eastern District of New York issued an order enabling Microsoft to take control of the US-based infrastructure Necurs used to distribute malware & infect victim computers. With this legal action, & through a collaborative effort involving public-private partnerships around the globe, Microsoft was spearheading activities to prevent the criminals behind Necurs from registering new domains to execute attacks in the future.

Microsoft had also taken the additional step of partnering with Internet Service Providers (ISPs) & others around the world to rid their customers’ computers of malware associated with the Necurs botnet. This remediation effort was global in scale & involved collaboration with partners in industry, government & law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP).

Through CTIP, Microsoft provides law enforcement, government Computer Emergency Response Teams (CERTs), ISPs & government agencies responsible for the enforcement of cyber laws & the protection of critical infrastructure with better insights into criminal cyber infrastructure located within their jurisdiction.

via: Microsoft blog

