The tech world has been rife with news of the legal and technical actions taken by Microsoft and its partners in the last few days. The goal was the disruption of one of the world’s most prolific botnets (a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge), known as Necurs. Necurs is said to have infected over nine million computers globally to date, and it is believed that, after eight years of tracking and planning, this disruption will finally put paid to the activities of the criminal masterminds driving this illegal operation.
The Necurs infrastructure uses malware to infect computers on a network and then controls those computers to perpetrate cybercrime. Since 2012, when this botnet was first observed, it has been accused of distributing several forms of malware. It is also said to be one of the largest networks in the spam email threat ecosystem. Other crimes attributed to this network include dating scams and personal information theft.
The United States District Court for the Eastern District of New York, on March 5th 2020, issued an order which enabled Microsoft to take control of Necurs infrastructure in the U.S. This legal action, in addition to the global partnerships which Microsoft enjoys, will prevent Necurs from registering new domains for the purpose of executing attacks in the future.
Microsoft and its partners disrupted the network by analysing the technique used by Necurs to generate new domains, accurately predicting over six million unique domains which would be created in the next 25 months, and reporting those domains to the respective registries all over the world. This will facilitate the blocking of these websites, preventing Necurs from adding them to its network and controlling them.
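The prediction step described above can be illustrated with an added example that is not from Microsoft or the original post: once a domain generation algorithm is known, defenders can enumerate its future output and match it against DNS logs. The generator `toy_dga`, its seed, the TLD list, the eight-domains-per-day rate and the log lines are all constructed stand-ins and are not the Necurs algorithm.

```python
import hashlib
from datetime import date, timedelta

SEED = b"constructed-seed"          # constructed value, not from any real malware
TLDS = ("com", "net", "org")        # constructed TLD list

def toy_dga(day, index):
    """Hypothetical date-seeded generator standing in for a reversed DGA."""
    material = SEED + day.isoformat().encode() + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).digest()
    length = 10 + digest[0] % 6     # label of 10 to 15 letters
    label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
    return f"{label}.{TLDS[digest[-1] % len(TLDS)]}"

def add_months(first_of_month, months):
    """Advance a first-of-month date by a number of calendar months."""
    total = first_of_month.month - 1 + months
    return date(first_of_month.year + total // 12, total % 12 + 1, 1)

def predict(start, months, per_day):
    """Map every domain the generator will emit in the window to its first date."""
    predicted, day, end = {}, start, add_months(start, months)
    while day < end:
        for index in range(per_day):
            predicted.setdefault(toy_dga(day, index), day)
        day += timedelta(days=1)
    return predicted

def flag_queries(log_lines, predicted):
    """Return (client, domain, scheduled date) for queries to predicted domains."""
    hits = []
    for line in log_lines:
        _timestamp, client, qname = line.split()
        qname = qname.rstrip(".").lower()   # normalise FQDN dot and case
        if qname in predicted:
            hits.append((client, qname, predicted[qname]))
    return hits

PREDICTED = predict(date(2020, 3, 1), months=25, per_day=8)
SAMPLE_LOG = [  # constructed resolver log: timestamp, client IP, queried name
    "2020-04-01T09:14:02Z 10.0.0.23 www.example.org.",
    f"2020-04-01T09:14:05Z 10.0.0.57 {toy_dga(date(2020, 4, 1), 3).upper()}.",
    "2020-04-01T09:15:40Z 10.0.0.23 mail.example.com.",
]

if __name__ == "__main__":
    for client, domain, day in flag_queries(SAMPLE_LOG, PREDICTED):
        print(f"{client} queried predicted domain {domain} (scheduled {day})")
```

The same predicted set can be handed to registries or loaded into a resolver blocklist; a client that queries one of these names is a candidate for an infected host.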
Microsoft is also collaborating with governments, law enforcement, and the private sector all over the world, through its Cyber Threat Intelligence Programme (CTIP), to provide better insights into criminal infrastructure within their constituencies and to inform them about the compromised computers and the victims who suffer as a result of the actions of these criminals.
It is important to note that everyone who is active in the global internet ecosystem has a responsibility to keep cyberspace safe. We applaud Microsoft for driving efforts in this respect.
Culled from blogs.microsoft.com.