Necurs: Microsoft slows down the mega botnet

Necurs helped spread encryption Trojans, but above all it was used to send spam emails: Microsoft takes credit for having stopped the notorious botnet, together with partners from 35 countries, until further notice. With around nine million computers, Necurs is one of the most active botnets in the world. The spam emails that it delivered to mailboxes all over the world revolved around fake pharmaceutical products and Russian dating offers, Microsoft writes. A single computer on the network sent 3.8 million spam messages in just over two months.

Botnets can generally be thought of as digital zombie armies. They consist of hijacked devices that are connected to the Internet. As a rule, their owners do not even notice that their device has become part of a remote-controlled army through malware and helps with attacks on external servers.

The Federal Office for Information Security (BSI) writes about Necurs that this network can be used in a variety of ways: “It is able to be expanded at any time with new skills”. Infection with Necurs is “to be taken very seriously, as it can cause great harm to the infected person”. Necurs hijacks new computers, among other things, via email attachments that look like normal documents but contain malware. Microsoft also mentions the wide range of Necurs operations, from tapping access data for online accounts to “pump-and-dump” fraud schemes to attacks on other computers connected to the Internet.

“The botnet significantly disrupted”

Criminals from Russia are suspected to be behind Necurs. Microsoft writes that the operators probably also make their botnet available to other criminals by selling or renting it out.

Necurs first appeared on the radar of security companies in 2012; Microsoft now also emphasizes that its strike against the botnet was preceded by eight years of preparation. The measures taken are meant to ensure that the operators can no longer access central parts of the Necurs infrastructure. Specifically, Microsoft says it can now prevent the Necurs operators from registering new domains that would have been used for future attacks.

Microsoft has worked out the technique by which Necurs systematically generates new domains, the so-called domain generation algorithm (DGA). Specifically, this concerns about six million unique domains for the next 25 months. Microsoft reported these to the registries in different countries so that those domains will not, for the foreseeable future, become part of the Necurs infrastructure. “By taking control of existing websites and preventing the possibility of registering new websites, we significantly disrupted the botnet,” writes Microsoft. The company also says that it is in contact with Internet providers to remove Necurs malware from their customers’ devices.
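Why a known DGA lets defenders get ahead of the operators, shown as an added example that is not from the article or from Microsoft: because the generator is deterministic, every future domain can be computed in advance, handed to registries as a blocklist, and matched against DNS logs to find infected clients. The generator below is a constructed stand-in, not the Necurs algorithm; the start date, domains-per-day count, log format and client addresses are assumptions.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")   # assumed TLD set for the stand-in generator
START = date(2020, 3, 10)      # constructed start of the prediction window
WINDOW_DAYS = 760              # roughly the 25 months mentioned in the article
PER_DAY = 8                    # assumed; a real DGA's daily count will differ

def toy_dga(day: date, index: int) -> str:
    """Constructed stand-in DGA: deterministic in (day, index), like any DGA."""
    digest = hashlib.sha256(f"{day.isoformat()}:{index}".encode()).hexdigest()
    label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:14])
    return f"{label}.{TLDS[int(digest[14:16], 16) % len(TLDS)]}"

def precompute(start: date, days: int, per_day: int) -> dict:
    """Map every domain the generator will emit in the window to its day."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for i in range(per_day):
            table[toy_dga(day, i)] = day
    return table

def flag_queries(log_lines, table):
    """Return (client, domain, generation_day) for queries that hit the table."""
    hits = []
    for line in log_lines:
        _timestamp, client, qname = line.split()
        qname = qname.rstrip(".").lower()   # normalise case and trailing dot
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

# Constructed DNS log: "<timestamp> <client> <query name>"
SAMPLE_LOG = [
    "2020-03-12T10:00:01Z 10.0.0.17 www.example.org.",
    f"2020-03-12T10:00:02Z 10.0.0.23 {toy_dga(date(2020, 3, 12), 5).upper()}.",
    "2020-03-12T10:00:03Z 10.0.0.17 mail.example.com.",
]

if __name__ == "__main__":
    table = precompute(START, WINDOW_DAYS, PER_DAY)
    print(f"{len(table)} domains precomputed for the blocklist")
    for client, domain, day in flag_queries(SAMPLE_LOG, table):
        print(f"{client} queried {domain} (generated for {day})")
```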
