The Necurs botnet is one of the largest botnets used to send malware and spam emails, steal login details, and deliver ransomware to unsuspecting users. Stopping it has been a major operation, involving 35 partners across 35 countries. Microsoft wrote on their blog about a network that has apparently affected more than nine million computers around the world.
“This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks,” explained MS cybersecurity expert Tom Burt.
The botnet originates from Russia, where one computer in the botnet alone sent 3.8 million spam emails to more than 40.6 million users during a two-month period. It sounds like these networks have been fully utilised by their coordinators, and the botnet “has also been used for a wide range of crimes including pump-and-dump stock scams, fake pharmaceutical spam email and ‘Russian dating’ scams. It has also been used to attack other computers on the internet, steal credentials for online accounts, and steal people’s personal information and confidential data.
“Interestingly, it seems the criminals behind Necurs sell or rent access to the infected computer devices to other cybercriminals as part of a botnet-for-hire service. Necurs is also known for distributing financially targeted malware and ransomware, cryptomining, and even has a DDoS (distributed denial of service) capability that has not yet been activated but could be at any moment.”
On March 5, the US District Court ED NY allowed Microsoft to “take control” of American-based infrastructure that is infected, aiding the fight, although it’s a global and ongoing effort.
“For this disruption, we are working with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland and Romania, among others. Each of us has a critical role to play in protecting customers and keeping the internet safe.”