Microsoft has cracked down on Necurs, a botnet that has been active since at least 2012. For the past eight years, Microsoft kept a close watch on the activities of Necurs, which has infected more than nine million computers around the world.
Necurs Botnet infected over 9 million computers globally
The word ‘botnet’ is a combination of ‘robot’ and ‘network.’ Cybercriminals use malware to breach the security of many users’ computers. These infected machines then become part of a network of bots.
Botnet operators try to infect a large number of computers and gain access to these machines in order to spread the malware infection to more devices. In a nutshell, cybercriminals control these infected machines and use them to spread the attack and perform malicious activities.
A botnet is capable of committing many different types of cybercrimes such as DDoS attacks, spreading malware, online fraud, and wide-scale phishing or spam campaigns.
Over the years, the Necurs botnet has distributed several forms of malware, including banking trojans like GameOver Zeus. It primarily distributes this malware through its vast ecosystem of e-mail spam.
“During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.”
Experts believe the cybercriminals behind Necurs are located in Russia. The botnet has been used for a wide range of attacks, including “Russian dating” scams, pump-and-dump stock scams, and fake pharmaceutical spam e-mail, among others.
“It [Necurs] has also been used to attack other computers on the internet, steal credentials for online accounts, and steal people’s personal information and confidential data.”
The cybercriminals behind Necurs apparently sell or rent access to the infected computers to other cybercriminals. This could very well be part of a ‘botnet-for-hire’ service.
Last week, Microsoft obtained legal permission to control the U.S.-based infrastructure that Necurs uses to distribute malware and infect victim computers.
Microsoft worked with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland, and Romania, among others.