Microsoft Shuts Down Necurs Botnet

Microsoft, in collaboration with its industry partners worldwide, announced Tuesday it has taken legal and technical action to take down the infamous Necurs Botnet, one of the biggest spam email and malware distributors to date.

In a blog post, the tech giant announced it has “significantly disrupted” Necurs after eight-long years of tracking and planning. On March 5, with a U.S. court order, Microsoft was able to take control of US-based infrastructure used by Necurs authors to send out new orders and distribute malware.

According to Tom Burt, Corporate Vice President, Customer Security & Trust, this effort, led by Microsoft, along with the help of public-private partnerships worldwide, will prevent criminals behind Necurs from registering new domains to launch future attacks. 

This was accomplished by analyzing a technique used by Necurs to systematically generate new domains through an algorithm. We were then able to accurately predict over six million unique domains that would be created in the next 25 months,” Burt explained.

“Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.”

Discovered in 2012, Necurs stands as one of the largest spam botnets known to date, infecting over 9 million computers worldwide. Since its discovery, the botnet has been used by attackers in a number of criminal schemes, including in spam email campaigns and in malware strains distribution. At the course of the investigation, Microsoft discovered that one Necurs-infected computer could send about 3.8 million spam emails to over 40.6 million potential victims within a 58-day period.

To date, the tech company said it is working closely in collaboration with Internet Service Providers (ISPs) and other partners around the world to clear their customers’ computers of malware linked to the Necurs botnet.

“This remediation effort is global in scale and involves collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP),” added the post. “Through CTIP, Microsoft provides law enforcement, government Computer Emergency Response Teams (CERTs), ISPs and government agencies responsible for the enforcement of cyber laws and the protection of critical infrastructure with better insights into criminal cyber infrastructure located within their jurisdiction, as well as a view of compromised computers and victims impacted by such criminal infrastructure.”

\\