
Microsoft disrupts a botnet that infected 9 million computers

Microsoft predicted and blocked six million domains that could have been used for cybercrime.
Christine Fisher | @cfisherwrites | March 10, 2020 4:56 PM

Today, Microsoft and partners from 35 countries took steps to disrupt a botnet behind the world's largest cybercrime network. The botnet, Necurs, has infected an estimated nine million computers worldwide, and it's one of the largest spam email networks, generating as many as 3.8 million spam emails in a two-month period.

To disrupt Necurs, Microsoft analyzed the algorithm the botnet used to generate new domains. It then predicted over six million domains that would be created in the next 25 months and reported these to registries around the world so that they could be blocked, preventing future attacks.

Today's action, Microsoft says, is the result of eight years of planning. Microsoft and its cybercrime-fighting cohorts first observed Necurs in 2012 and have seen it distribute malware like GameOver Zeus, which authorities squashed in 2014. It's likely been involved in stock scams, fake pharmaceutical spam emails and "Russian dating" scams, and authorities believe it's operated by Russia-based cybercriminals.

Last week, a US District Court issued an order that allowed Microsoft to take control of the US-based Necurs infrastructure. In addition to blocking new domains from being registered, Microsoft is working with internet service providers (ISPs) to help remove Necurs malware from their customers' computers.
