Security News
Some consider Necurs to be the largest botnet ever, with estimates from 2017 indicating that, at the time, it consisted of more than 6,000,000 infected computers. In its blog post, Microsoft said that, along with partners, it's been spending the past eight years tracking and planning to knock the knees off Necurs.
Microsoft has bragged of downing a nine million-strong Russian botnet responsible for vast quantities of email spam. The Necurs botnet, responsible over the years for quite a considerable volume of spam - as well as being hired out to crims pushing malware payloads such as the infamous Locky ransomware and Dridex malware - was downed by Microsoft and its industry chums following a US court order allowing the private sector companies to go in hard and heavy on the botnet.
A New York State court issued an order this week giving Microsoft control of the U.S.-based infrastructure used by the notorious Necurs botnet in an effort to stop the world's most prolific and globally dispersed spam and malware infrastructure. The move came after Microsoft and partners across 35 countries cracked Necurs' domain generation algorithm, which is what generates random domain names to allow the botnet to distribute malware and infect victim computers around the world.
Microsoft says it managed to disrupt the Necurs botnet by taking control of the U.S.-based infrastructure that it has been using to conduct its malicious activities. Necurs is a peer-to-peer hybrid botnet that uses a Domain Generation Algorithm to ensure bots could always connect to a command and control server.
Microsoft today announced that it has successfully disrupted the botnet network of the Necurs malware, which has infected more than 9 million computers globally, and also hijacked the majority of its infrastructure. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure," Microsoft said.
A mid-January spam campaign by criminals behind the popular Necurs botnet shows a dramatic drop in skill and savvy by perpetrators. "Things are changing and with major banking Trojan botnets moving away from Necurs and to distribution through inter-gang collaborations, Necurs has been left behind to distribute amateur spam campaigns in high volumes," IBM X-Force researchers said in a Monday post.
Using an on-again, off-again strategy of C2 communication helps it hide from researchers.
A recently observed spam campaign powered by the infamous
The Necurs botnet has been using Internet Query (IQY) files in recent waves of spam attacks in an ef