Microsoft announced that it took over the US-based infrastructure used by the infamous Necurs spam botnet that infected millions of computers.
Microsoft announced to have taken over the US-based infrastructure used by the Necurs botnet. The IT giant explained that success is the result of a coordinated legal and technical joint effort to disrupt the Necurs botnet, which has infected more than nine million computers globally.
The operation sawthe participation of partners across 35 countries.
According to the experts, the botnet was used to send out roughly 3.8 million spam messages to more than 40.6 million targets during a 58-day long investigation.
The Necurs botnet is active since at least 2012, it is operated by the cybercrime gang tracked as TA505.
“Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.” reads the announcement published by Microsoft.
“On Thursday, March 5, the U.S. District Court for the Eastern District of New York issued an order enabling Microsoft to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers,”
The operation will prevent Necurs operators from registering new domains to employ in their malicious campaigns.
The experts were able to determine the algorithm used by the botnet to generate new domains, then they accurately predicted over six million unique domains that would be created in the next 25 months and reported them to their respective registries in countries worldwide. The registries were tasked to block the creation of such domains disrupting the Necurs infrastructure. Basically, Microsoft and partners were able to take over existing websites and preventing the registration of new ones.
Microsoft revealed that it has also collaborated with Internet Service Providers (ISPs) and other industry partners to help detect and sanitize infected computers.
“This remediation effort is global in scale and involves collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP),” concludes Microsoft.
“For this disruption, we are working with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland and Romania, among others.”
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Pierluigi Paganini
March 10, 2020
