Microsoft knocks huge, global zombie botnet offline

Necurs malware had infected more then 9 million computers around the world

Anthony Cuthbertson
Wednesday 11 March 2020 08:03 EDT
Comments
Microsoft and partners disrupted the Necurs botnet, which had infected more than nine million devices around the world
Microsoft and partners disrupted the Necurs botnet, which had infected more than nine million devices around the world (Microsoft)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Microsoft has coordinated the take down of one of the world's most prolific botnets after eight years of tracking a cyber criminal network.

The Necurs botnet infected more than nine million computers globally and was being used to distribute several forms of highly advanced malware.

It was used to target tens of millions of potential victims through spam emails pushing everything from pump-and-dump stock scams, to "Russian dating" scams.

Botnets make use of security vulnerabilities in computers and other internet-connected devices in order to form a powerful network capable of carrying out cyber crimes.

Microsoft's Digital Crimes Unit, together with partners across 35 countries, began tracking the botnet in 2012.

In a blog post detailing the operation, Microsoft attributed Necurs to criminals based in Russia.

"The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world," Microsoft's Tom Burt wrote.

"During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims... It has also been used to attack other computers on the internet, steal credentials for online accounts, and steal people's personal information and confidential data."

The criminals behind Necurs were also profiting from their cyber weapon by offering it to other hackers as part of a botnet-for-hire service.

Last week, a US court issued an order enabling Microsoft to take control of US infrastructure that was being used to build the botnet and infect victims with malware.

This legal step triggered action that saw Microsoft take control of domains and stop new ones from being registered, thus preventing the Necurs from being used to execute cyber attacks.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in