Microsoft cripples 'biggest ever' zombie bot network


Microsoft has announced it was part of a coordinated effort to take down the prolific Necurs botnet.

The software giant and partners across 35 countries cracked the Necurs domain generation algorithm (DGA), allowing the group to prevent the registration of new domains to be used in future attacks.

First identified in 2012, the Necurs network is one of the most potent malware botnets to date, reportedly infecting over nine million devices worldwide.

Once a device is infected, it can be used by criminals to distribute several forms of malware via spam email. During its investigation - which spanned a period of eight years - Microsoft observed one infected computer send out 3.8 million spam emails in just 58 days.

Necurs botnet

Necurs is reportedly operated by a Russian hacking syndicate, which sells or rents access to infected devices to other cybercriminals as a botnet-as-a-service style offering.

The botnet has been used to execute a wide range of crimes, including pump-and-dump stock scams, credential theft and financially targeted ransomware.

The Necurs operators register the domains their DGA generates many weeks, even months, in advance, and it was this lead time that opened the door to Microsoft and its partners.
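The mechanism behind the takedown described above, as an added example that is not from the article or from Microsoft: a constructed, hypothetical date-seeded DGA stands in for the real Necurs algorithm (which the article does not describe), the defender precomputes every domain it will yield over a coming window, and constructed resolver log lines are checked against that list to find hosts already contacting predicted domains.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical DGA, constructed for this example (the article does not describe
# the real Necurs algorithm): each day the bot hashes a fixed secret plus the
# date and turns the digest into a handful of hostnames to try.
SEED = b"constructed-example-seed"
TLDS = ("com", "net", "biz")

def dga_domains(day: str, count: int = 4) -> list[str]:
    """Domains a bot running this toy DGA would contact on `day` (ISO date)."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(SEED + day.encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])  # 10 letters
        domains.append(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return domains

def predict_domains(start: str, days_ahead: int) -> set[str]:
    """Defender's step from the article: once the algorithm is known, list every
    domain it will yield over the coming window so registries can block them."""
    first = date.fromisoformat(start)
    return {d for n in range(days_ahead)
              for d in dga_domains((first + timedelta(days=n)).isoformat())}

def flag_dga_queries(log_lines: list[str], predicted: set[str]) -> list[tuple[str, str]]:
    """Return (client_ip, qname) for DNS queries that hit a predicted domain."""
    hits = []
    for line in log_lines:
        # Constructed log format: "<timestamp> <client_ip> query <qname>"
        parts = line.split()
        if len(parts) == 4 and parts[2] == "query":
            qname = parts[3].rstrip(".").lower()
            if qname in predicted:
                hits.append((parts[1], qname))
    return hits

def demo() -> list[tuple[str, str]]:
    """Predict 30 days of domains from 2020-03-10, then scan a constructed
    resolver log from five days later for hosts resolving one of them."""
    predicted = predict_domains("2020-03-10", 30)
    c2_today = dga_domains("2020-03-15")[0]
    log = [  # constructed sample log lines
        "2020-03-15T08:00:01 10.0.0.7 query www.example.com.",
        f"2020-03-15T08:00:02 10.0.0.42 query {c2_today}.",
        "2020-03-15T08:00:03 10.0.0.42 query mail.example.net.",
    ]
    return flag_dga_queries(log, predicted)
```

The same precomputed set is what a registry or sinkhole operator would receive; matching live DNS telemetry against it is how the infected-device map the article mentions is built.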

“We were able to predict over six million unique domains that would be created in the next 25 months,” said Tom Burt, Microsoft Corporate Vice President - Customer Security & Trust, in a blog post.

“Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure.”

“By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet,” he added.

Having seized control of existing Necurs infrastructure, the company and its partners were able to cripple the botnet and build a comprehensive map of infected devices.

Microsoft says it is in the process of notifying affected individuals so they can take steps to remove the malware from their device.

Via BBC

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.
