Spanish headquarters of Microsoft in La Finca Business Park in Pozuelo de Alarcón, Madrid. Photo: Ricardo Rubio / Europa Press.
Microsoft has announced the dismantling of a botnet that, in its own words, constitutes “the largest online criminal network in the world”. The network had affected more than nine million computers in countries around the world. In Spain, Microsoft has actively collaborated with the National Institute of Cybersecurity (INCIBE) to identify and recover compromised devices, and the US company and its partners in 35 countries “have jointly adopted legal and technical measures”, as the company reports in a statement. The company explained that it has also collaborated with the governments of Mexico, Colombia, Taiwan, India, Japan, Germany, France, Poland and Romania, among others.
A botnet is a network of computers infected with malicious software (malware). Once the machines are compromised, cybercriminals can control them remotely and use them to commit crimes. This particular network, called Necurs, is an old acquaintance: it was first detected in 2012 and since then it has distributed various forms of malware, including the GameOver Zeus banking Trojan.
Microsoft says it believes that Necurs is operated by criminals located in Russia. Its malicious uses include modifying the value of shares listed on the stock exchange, sending fake pharmaceutical spam emails, and running alleged dating scams with Russian women.
Necurs has also been used to attack other computers on the Internet; to steal credentials for online accounts, personally identifiable information and confidential data; to sell or rent access to infected devices to other cybercriminals; and to distribute malware and ransomware aimed at the financial sector, as well as crypto miners. It even has a distributed denial-of-service (DDoS) capability. A denial-of-service attack aims to make a system, an application, or a machine unusable. How is it done? By sending more requests than the machine can handle.
Furthermore, the botnet acts as a spammer. Over 58 days, a Necurs-infected computer sent a total of 3.8 million spam emails to more than 40.6 million potential victims, Microsoft has noted.
Millions of domains blocked
Last Thursday, March 5, the Eastern District Court of New York (United States) issued an order that allowed Microsoft to take control of the American infrastructure that Necurs uses to distribute malware and infect the computers of the victims, according to the company.
The operation succeeded thanks to analysis of the technique Necurs uses to systematically generate new domains through an algorithm. That analysis made it possible to accurately predict more than six million unique domains that would be created over the next 25 months.
Microsoft reported these domains to the respective registries in countries around the world, so that the websites could be blocked, thus preventing them from being part of the criminal infrastructure.
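As an added illustration (not from Microsoft's statement or the original article), the Python example below shows why analysing a domain generation algorithm lets defenders enumerate its future domains in advance and match DNS query logs against them. The algorithm is a constructed stand-in, not the Necurs one; the seed, rotation period, label format, reserved TLDs and log lines are all assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for a reverse-engineered DGA (NOT the Necurs algorithm).
SEED = b"constructed-seed"              # assumed value recovered from a sample
TLDS = ["example", "test", "invalid"]   # reserved TLDs, never resolvable
PER_PERIOD = 4                          # assumed: domains generated per period
PERIOD_DAYS = 4                         # assumed: rotation interval in days

def period_of(day: date) -> int:
    """Every bot and every defender derive the same period number from the date."""
    return day.toordinal() // PERIOD_DAYS

def dga_domain(period: int, index: int) -> str:
    """Deterministic output: same seed, period and index give the same domain."""
    material = SEED + period.to_bytes(4, "big") + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).digest()
    label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
    return f"{label}.{TLDS[digest[12] % len(TLDS)]}"

def domains_for(period: int) -> list[str]:
    return [dga_domain(period, i) for i in range(PER_PERIOD)]

def predict(start: date, days: int) -> dict[str, int]:
    """Map every domain the DGA will emit in [start, start + days) to its period."""
    last = period_of(start + timedelta(days=days - 1))
    return {d: p for p in range(period_of(start), last + 1) for d in domains_for(p)}

def flag_queries(log_lines, table):
    """Return (client, domain) for DNS queries that hit a predicted domain."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()   # normalise trailing dot and case
        if qname in table:
            hits.append((client, qname))
    return hits

def demo():
    table = predict(date(2020, 3, 10), 760)   # roughly 25 months ahead
    future = domains_for(period_of(date(2021, 6, 1)))[2]
    log = [  # constructed DNS query log: timestamp client qname
        "2021-06-01T08:00:01Z 10.0.0.5 www.example.org.",
        f"2021-06-01T08:00:02Z 10.0.0.23 {future.upper()}.",
        "2021-06-01T08:00:03Z 10.0.0.7 mail.example.net.",
    ]
    return len(table), flag_queries(log, table)

if __name__ == "__main__":
    print(demo())
```

The predicted table can feed a registry report, a DNS blocklist or a sinkhole; a client that queries one of these names before it has been registered is a strong infection indicator.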