Microsoft and partners smash huge Necurs botnet

The jack-of-all-trades botnet Necurs is history. Criminals used the network of around 9 million compromised computers worldwide to send spam, mine cryptocurrency, copy login data and distribute ransomware, among other things.

According to a blog entry, Microsoft was instrumental in the takedown. By its own account, the company has now gained control of the Necurs infrastructure and could prevent the masterminds from taking further action.

To achieve this, Microsoft worked with various partners from 35 countries for eight years, tracking the botnet. In the process they worked out the scheme the Necurs backers use to create domains. Microsoft and its partners were able to work out over six million domains for the next two years in advance and report them to registrars.

The registrars have blocked them so that the domains cannot become part of Necurs. As a result, the Necurs masterminds are virtually paralyzed. By their own account, the investigators have already taken control of existing domains.

In addition, Microsoft says it is working with Internet providers and other institutions such as CERTs to rid computers worldwide of the Necurs malware.

The Necurs botnet first appeared on the radar of security researchers in 2012. Since then, the criminal network has been causing trouble worldwide. In 2017, the ransomware Trojan Locky was distributed via the botnet. In the same year it was also used to manipulate stocks. Necurs was also reportedly available for rent to other criminals.

First and foremost, Necurs was one of the most potent networks for sending spam. Over 58 days of observation, investigators watched a computer in the botnet send 3.8 million spam emails to over 40 million victims.

