Microsoft Corporation, together with partners from 35 countries, has launched a plan to disrupt the work of one of the largest botnet networks in the world, Necurs, consisting of more than 9 million infected computers. The company's specialists have been monitoring the network for about 8 years and planning actions that will ensure that criminals can no longer use key elements of the botnet infrastructure to carry out cyber attacks.
Recall that a botnet is a network of computers infected with malware, which are under the remote control of intruders. The researchers found that one computer, which is part of the Necurs botnet, sent 58 million spam emails in 3,8 days.
It is assumed that Russian hackers are behind Necurs, using a network of infected computers to perform various tasks, including fraud, identity theft, attacks on other computers, etc. According to Microsoft, part of the Necurs infrastructure is rented out to other cybercriminals. Among other things, the network is used to spread malware, ransomware, DDoS attacks, and more.
To disrupt the Necurs network, Microsoft analyzed the methodology the botnet uses to generate new domains. As a result, they predicted the generation of more than 6 million new domains within 25 months. This information was shared with registrars around the world to block these websites from becoming part of a botnet network. By taking control of existing websites and limiting the ability to register new ones, Microsoft was able to cause significant damage to the network, disrupting its operation.
Source: 3dnews.ru