Microsoft and its partners in 35 countries today have taken coordinated legal and technical steps to disrupt Necurs, one of the most prolific botnets that has infected more than nine million computers worldwide. The attack was the result of eight years of tracking and planning. Recall that a botnet is a network of computers that cybercriminals infected with malware that allows you to remotely monitor computers and use them to commit crimes.
Microsoft experts and their colleagues first observed the Necurs botnet in 2012 and were able to associate it with the spread of several types of malware, including the GameOver Zeus banking Trojan. Now it is one of the largest networks used by criminals for spam, fraud, attacks on other computers, theft of credentials and personal data. Necurs owners sell or rent access to infected systems to other criminals. In the West, Necurs is considered the brainchild of criminals from Russia. Microsoft analyzed the algorithm used by Necurs to automatically create new domains, which made it possible to accurately predict more than six million unique domains that will be created over the next 25 months. By transmitting this data to the respective registries of different countries, Microsoft was able to significantly limit the growth opportunities of the botnet. A week ago, the US District Court in the eastern district of New York allowed Microsoft to take control of the US infrastructure, which Necurs uses to spread malware and infect victim computers. At the same time, in partnership with Internet providers and other organizations around the world, steps have been taken to clean up computers from malware related to the Necurs botnet.