In recent days Microsoft together with partners from 35 countries, it carried out an important dismantling action on a botnet at the base of one of the largest cybercrime networks in the world. Necrus, this is the name of the botnet, has infected about 9 million computers in the world and one of the largest email spam networks, with a total volume of 3.8 million spam messages over two months affecting a basin of 40.6 million potential victims.
To send legs to the macaw Necurs Microsoft analyzed a technique used by the botnet to generate new domains through an algorithm, and tried to predict the 6 million domains that the botnet would try to register in the following 25 months, communicating them to the registration services domination in the various countries of the world so that they could be blocked to prevent future attacks.
Microsoft's action resulted from eight years of planning: the Redmond company, together with its cyber-crime division, observed Necurs' actions for the first time in 2012 when it deployed the malware known by the name of GameOver Zeus.
The botnet has been used over the years to conduct equity scams, pharmaceutical spam campaigns, ransomware and cryptomining campaigns, and has also been used to sell or rent access to infected devices as part of a botnet-for hire service. The botnet would also have the ability to perform DDoS attacks, although it has never been used for this purpose.
A US court issued an order last week that allows Microsoft to take control of Necrus' infrastructure in the US. In addition to blocking the registration of new domains, Microsoft is now working with internet service providers to remove Necrus malware from affected users' systems.
