
Microsoft busted the dangerous Necurs botnets

Microsoft busted the Necurs botnets, which have infected more than nine million computers since 2012. Microsoft’s Digital Crimes Unit (DCU) worked together with BitSight and other partners across 35 countries.

They managed to disrupt it after years of study focused on the Necurs malware, its botnets, and its command and control infrastructure. Researchers performed forensic analysis, reverse engineering and malware analysis, and examined module updates. They also relied on infection telemetry, command and control updates, and analysis of the technique Necurs used to generate new domains through an algorithm. “We were then able to accurately predict over six million unique domains that would be created in the next 25 months,” said a Microsoft DCU spokesperson.

They reported the domains to their respective registries in countries around the world. This way, the authorities could block the websites and prevent them from becoming part of the Necurs infrastructure.

Researchers believe that a single group controlled the botnets. Of the eleven Necurs botnets they discovered, four were responsible for approximately 95% of all infections.

Necurs worked for seven years

Necurs was first spotted in 2012. It usually delivered malware, but it also supported many other illegal activities. After infecting systems, Necurs would weaken their security. This way, it would protect itself and attract other malware. It could also disable a large number of security apps, including Windows Firewall.

Necurs botnets’ activity stopped in March 2019, leaving about two million infected systems around the world in a dormant state. “From 2016 to 2019, it was the most prominent method to deliver spam and malware by criminals,” BitSight researchers mentioned. They added that it was responsible for 90% of the malware spread by email worldwide. Its main uses have been as a spambot, as a delivery mechanism for ransomware and financial malware, and for running pump and dump stock scams.

The team said it is tracking more than 200 billion malware-related events every day. One of the most recent threats is the Coronavirus malware.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.
