Microsoft launches coordinated efforts to takedown malware software Necurs

Tech giant Microsoft and its partners across 35 countries took coordinated legal and technical steps to take down Necurs, a botnet which had infected more than nine million computers worldwide.

“This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks,” Microsoft said in an official statement.

A botnet is a computer network infected with malicious software or malware which is leveraged by cyber criminals gain access and control to computers.

The Necurs botnet is one of the largest networks in the spam email threat ecosystem that affects devices across the globe. “Necurs is believed to be operated by criminals based in Russia and has also been used for a wide range of crimes including pump-and-dump stock scams, fake pharmaceutical spam email and “Russian dating” scams,” said Tom Burt – CVP, Customer Security & Trust, Microsoft who detailed Microsoft’s effort in disrupting the network in an official blog published on Microsoft’s website.

Microsoft’s Digital Crimes Unit, BitSight and other cybersecurity experts first observed the Necurs botnet in 2012. The tech giant has since collaborated with law enforcement agencies, the government and Internet Service Providers (ISPs) to remove malware connected to the Necur botnet.

Microsoft, by analyzing a technique used by Necurs to systematically generate new domains through an algorithm was able to accurately predict over six million unique domains that would be created by the network in the next 25 months. The firm reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure.

In India

The network had affected a significant amount of devices in India as well. According to Microsoft’s report, among the list of countries affected by the network in March 2020 showed that 13.59 per cent of the distinct infected IP addresses were from India.

“India is also home to one of the largest number of super-nodes, also known as P2P (peer-to-peer) communication channels which is created by cybercriminals in order to prevent botnet disruption by law enforcement, network operators and researchers,” said the report.

The Microsoft Digital Crimes Unit partnered with the Computer Emergency Response Team (CERT-IN) and National Internet Exchange of India (NIXI) to disrupt cyberattacks led by the botnet in the country. This prevented future attacks by the people behind Necurs as it prevented the attackers from registering new domains.