Microsoft wrote in a blog post that it has “significantly disrupted” the Necurs botnet by taking legal action against it, after eight long years of planning and tracking.
On March 5, acting on a United States court order, Microsoft was able to take control of the U.S. network and infrastructure used by the botnet and halt its distribution.
According to Tom Burt, Corporate Vice President, Customer Security & Trust, this action by Microsoft, carried out in cooperation with a global public-private partnership, will be a big setback to hackers and cybercriminals and will prevent them from launching future attacks.
“This was accomplished by analyzing a technique used by Necurs to systematically generate new domains through an algorithm. We were then able to accurately predict over six million unique domains that would be created in the next 25 months,” Burt explained.
“Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.”
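The quote above describes predicting a domain generation algorithm's future output so the names can be blocked before they are registered. The following is an added example, not Microsoft's code and not the Necurs algorithm: it uses a constructed date-seeded generator (the seed, TLD list and per-day count are assumptions) to show how a defender can precompute the names for a roughly 25-month window and match them against DNS query logs.

```python
import hashlib
from datetime import date, timedelta

TLDS = ["com", "net", "org", "info"]  # constructed TLD list (assumption)
DOMAINS_PER_DAY = 4                   # constructed rate (assumption)

def domains_for_day(day, seed="example-seed"):
    """Toy date-seeded generator: the same date and seed always give the same names."""
    names = []
    for i in range(DOMAINS_PER_DAY):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return names

def predict(start, days, seed="example-seed"):
    """Map every name the generator will emit in the window to its activation date."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in domains_for_day(day, seed):
            table.setdefault(name, day)
    return table

def flag_queries(log_lines, table):
    """Return (client, domain, activation_date) for DNS queries that hit predicted names."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines instead of failing
            continue
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

def demo():
    start = date(2020, 3, 5)
    table = predict(start, 760)  # about 25 months of predicted names
    beacon = domains_for_day(start + timedelta(days=30))[0]
    log = [  # constructed DNS query log: timestamp, client, queried name
        "2020-04-04T10:00:01Z 10.0.0.5 www.example.org.",
        f"2020-04-04T10:00:02Z 10.0.0.23 {beacon.upper()}.",
        "malformed line",
    ]
    return flag_queries(log, table)

if __name__ == "__main__":
    print(demo())
```

The same lookup table serves both uses the quote mentions: the keys are the names to report for blocking, and any client that queries one of them is a candidate for cleanup.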
The Necurs botnet was discovered in 2012 and rose from there to become the largest distributor of spam email and malware. It is the largest spam botnet to date, affecting 9 million computers. Criminals and hackers worldwide use it to launch attacks through email, and it was responsible for spreading infamous threats such as the GameOver Zeus trojan as well as the Dridex malware deployed by Evil Corp.
One Necurs-infected computer could send 3.8 million spam emails to 40.6 million machines or individuals in just 58 days.
Microsoft is also working with various Internet service providers (ISPs) to clear victims' computers of any malware or strain linked to the Necurs botnet, in order to completely eradicate the botnet and prevent any comebacks.
“This remediation effort is global in scale and involves collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP),” added the post. “Through CTIP, Microsoft provides law enforcement, government Computer Emergency Response Teams (CERTs), ISPs and government agencies responsible for the enforcement of cyber laws and the protection of critical infrastructure with better insights into criminal cyber infrastructure located within their jurisdiction, as well as a view of compromised computers and victims impacted by such criminal infrastructure.”