Microsoft disrupted US-Based Infrastructure of the Necurs botnet

Microsoft announced that it took over the US-based infrastructure used by the infamous Necurs spam botnet that infected millions of computers.

Microsoft announced to have taken over the US-based infrastructure used by the Necurs botnet. The IT giant explained that success is the result of a coordinated legal and technical joint effort to disrupt the Necurs botnet, which has infected more than nine million computers globally.

The operation saw the participation of partners across 35 countries.

Necurs botnet is one of the largest spam botnet, it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware, the Scarab ransomware, and the Dridex banking Trojan.

According to the experts, the botnet was used to send out roughly 3.8 million spam messages to more than 40.6 million targets during a 58-day long investigation.

The Necurs botnet is active since at least 2012, it is operated by the cybercrime gang tracked as TA505.

“Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.” reads the announcement published by Microsoft.

“On Thursday, March 5, the U.S. District Court for the Eastern District of New York issued an order enabling Microsoft to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers,”

The operation will prevent Necurs operators from registering new domains to employ in their malicious campaigns.

The experts were able to determine the algorithm used by the botnet to generate new domains, then they accurately predicted over six million unique domains that would be created in the next 25 months and reported them to their respective registries in countries worldwide. The registries were tasked to block the creation of such domains disrupting the Necurs infrastructure. Basically, Microsoft and partners were able to take over existing websites and preventing the registration of new ones.

Microsoft revealed that it has also collaborated with Internet Service Providers (ISPs) and other industry partners to help detect and sanitize infected computers.

“This remediation effort is global in scale and involves collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP),” concludes Microsoft.

“For this disruption, we are working with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland and Romania, among others.”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X