Microsoft takes down botnet that infected nine million devices

midian182

Posts: 8,321   +103
Staff member
What just happened? Microsoft has revealed it was part of a team that took down the Necurs botnet. The network had infected over nine million devices worldwide, making it one of the world’s largest botnets. It was used to send malware-packed spam emails, steal login details, deliver ransomware, and more.

Tom Burt, Microsoft's vice-president for customer security and trust, said the company worked with partners across 35 countries to disrupt the prolific botnet. “This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks,” he wrote.

First identified in 2012, Necurs is believed to be operated by a Russia-based hacking group who sell or rent access to the infected devices to other criminals. During a 58-day period in the investigation, it was found that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.

Microsoft and the others took down the botnet by breaking its domain generation algorithm (DGA), the routine the bots use to produce a stream of pseudo-random domain names, which the operators then register and turn into the websites the bots contact.

Necurs authors register the domains that are generated by its DGA weeks or months in advance, which allowed Microsoft and the team to disrupt the botnet. “We were able to predict over six million unique domains that would be created in the next 25 months,” said Burt.

“Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.”

Once it broke the DGA and took control of Necurs’ infrastructure, Microsoft and its partners were able to cripple the botnet and create a map of the bots’ locations across the world. The company is now working with ISPs and CERT teams to notify affected users so they can remove the malware from their infected devices.
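The takedown described above rests on one property of a DGA: it is deterministic, so anyone who recovers the algorithm and its seed can generate the same future domains as the malware and block or sinkhole them before the operators register them. The following is an added illustration, not Microsoft's tooling and not the real Necurs algorithm: a hypothetical toy DGA (seed, period length and label format are all constructed here) is used first to precompute a blocklist for a window of future dates, and then to flag matching lookups in a constructed DNS log, which is the kind of check an ISP or CERT would run to find the infected hosts that need notifying.

```python
import hashlib
from datetime import date, timedelta

# Toy DGA parameters (constructed for this example; not the Necurs values).
SEED = "toy-family-seed-v1"
TLDS = ["com", "net", "biz", "info"]
EPOCH = date(2020, 1, 1)          # fixed reference date for the period counter
PERIOD_DAYS = 4                   # bots rotate to a new domain set every 4 days
DOMAINS_PER_PERIOD = 8


def period_index(d: date) -> int:
    """Map a calendar date to the DGA period it falls in."""
    return (d - EPOCH).days // PERIOD_DAYS


def generate_domains(d: date) -> list[str]:
    """Deterministically derive the domain set a bot would use on date d.

    Both the malware and a defender who knows SEED can compute this list,
    which is what makes pre-emptive blocking possible.
    """
    idx = period_index(d)
    domains = []
    for n in range(DOMAINS_PER_PERIOD):
        digest = hashlib.sha256(f"{SEED}:{idx}:{n}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[12] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def predict_domains(start: date, days_ahead: int) -> set[str]:
    """Precompute every domain the DGA will emit in [start, start + days_ahead).

    This is the defender's side: the resulting set is the blocklist handed to
    registries, resolvers or a sinkhole.
    """
    blocklist: set[str] = set()
    seen_periods: set[int] = set()
    for offset in range(days_ahead):
        d = start + timedelta(days=offset)
        p = period_index(d)
        if p in seen_periods:
            continue
        seen_periods.add(p)
        blocklist.update(generate_domains(d))
    return blocklist


def match_dns_log(log_lines: list[str], blocklist: set[str]) -> list[tuple[str, str]]:
    """Return (client_ip, domain) for each query that hits the predicted set.

    Assumed (constructed) log format: '<timestamp> <client_ip> <qname>'.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines rather than crash
        client_ip, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in blocklist:
            hits.append((client_ip, qname))
    return hits


def sample_dns_log(d: date) -> list[str]:
    """Constructed resolver log with one lookup of a DGA domain for date d."""
    dga_domain = sorted(generate_domains(d))[0]
    return [
        "2020-03-10T08:00:01Z 10.0.0.5 www.example.com.",
        f"2020-03-10T08:00:02Z 10.0.0.7 {dga_domain}.",
        "2020-03-10T08:00:03Z 10.0.0.9 updates.example.net",
        "garbled line",
    ]


if __name__ == "__main__":
    start = date(2020, 3, 10)
    blocklist = predict_domains(start, days_ahead=30)
    print(f"{len(blocklist)} domains predicted for the next 30 days")
    for ip, domain in match_dns_log(sample_dns_log(start), blocklist):
        print(f"infected host candidate {ip} queried {domain}")
```

In practice the prediction window is what matters: the article's 25-month, six-million-domain figure is the same computation run over a much longer range, and the resulting list only stays useful while the seed and period logic remain unchanged in the malware.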

Central image credit: Nicescene via Shutterstock


 

ShagnWagn

Posts: 1,297   +1,085
"notify affected users"

So, how exactly are they going to do this? Door to door? Release a virus to pop up a warning window?

This is fine... go ahead and stop patching Win7... they will be used as bots to hack your precious downgrade called Win10.
 

psycros

Posts: 4,458   +6,650
"notify affected users"

So, how exactly are they going to do this? Door to door? Release a virus to pop up a warning window?

This is fine... go ahead and stop patching Win7... they will be used as bots to hack your precious downgrade called Win10.

The headline should have read, "Microsoft takes 8 years to patch an exploit," because the malware undoubtedly only worked on Windows.
 

cliffordcooley

Posts: 13,141   +6,439
Maybe we should allow our devices to be infected. They could shorten those 8 years, if we reach nine million devices earlier. </sarcasm>
 

BadThad

Posts: 1,222   +1,490
This is GREAT news! More needs to be done in this area to end this. The bulk of the problem is the hordes of ignorant users that fail to know that their PC has been corrupted.
 

Indianapolis

Posts: 10   +5
It seems like in recent weeks I have been getting FAR fewer obscene adult dating/hookup emails in my junk folder. I wonder if it's related to this take-down? If so, then I say job well done!