Microsoft strikes a blow against Necurs botnet of 9 million systems


Microsoft has taken control of the US infrastructure of the Necurs botnet and prevented the botnet from expanding into new domains worldwide. Necurs is said to be one of the world’s largest spam-sending botnets.

On March 5, Microsoft received permission from a New York court to take over the management of US domains that Necurs used. When investigating the botnet, Microsoft analyzed the algorithms Necurs used to automatically generate new domains. This enabled the company to warn the registrars in different countries in advance and prevent the registration of the domains. Microsoft said it could predict that the botnet would register more than six million domain names in twenty-five months.

With this, Microsoft says it has dealt Necurs a major blow. The botnet is suspected to be run from Russia and to have been rented out to criminals. Since its discovery in 2012, researchers have seen the criminals extend its functionality with modules. It is said to be the largest botnet for sending spam messages. Microsoft cites as an example that in the 58 days of the study, Necurs sent 3.8 million spam messages to 40.6 million systems.

The botnet is also associated with the spread of malware and ransomware and with fraud attempts involving stocks and dating. In addition, the botnet had the ability to perform DDoS attacks, but this capability had not yet been activated. Microsoft worked with providers, registrars and government organizations from countries including Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland and Romania. In 2016, the botnet was already temporarily less active after the arrest of 50 hackers in Russia.
