A joint, eight-year effort by Microsoft’s Digital Crime Unit and government agencies in 35 countries has put a halt to the large Necurs botnet, responsible for sending a vast amount of spam and malware.
Last week, Microsoft obtained a court order in the United States that enabled the company to take control of existing America-based infrastructure that Necurs uses to distribute malware and to infect computers, the company said.
Microsoft was also able to work out how Necurs’ automatic domain registration algorithm works; with that knowledge in hand, the company’s security researchers accurately predicted over six million unique domain names that Necurs would create over the next 25 months.
By reporting the domains to their respective registries around the world, the Necurs websites could be blocked and kept from becoming part of the botnet’s infrastructure.
Necurs is believed to be operated by Russian digital criminals, Microsoft said.
The botnet has infected over nine million computers worldwide, and was first observed in 2012.
It is responsible for sending millions of spam messages containing pump-n-dump share and Russian dating scams, but Necurs has also distributed malware and been used to attack other internet-connected computers to steal credentials and personal information.
Microsoft also noted that computers infected by Necurs seem to be rented out by the cyber criminals behind it, as part of a botnet-for-hire service.