Microsoft crashes botnet that infected more than 9 million computers worldwide

Microsoft announced that it was able to predict and block an attack by the Necurs botnet, known as one of the largest cybercrime networks in the world. Over 8 years, the technology giant, in partnership with 35 countries, followed the cyber footprints of the criminals and developed a strategy based on artificial intelligence to put an end to the botnet, which has already infected more than 9 million computers globally.

The company explains, in a post on its blog, that Necurs is one of the largest spam email networks. During a 58-day review period, Microsoft found that the botnet sent about 3.8 million spam emails to more than 40.6 million potential victims.

[Figure: Geographical distribution of infections by the Necurs botnet. Credit: BitSight]

Experts at security firm BitSight, who helped Microsoft stop the cybercriminals, say that Necurs has been active since 2012 and is operated by Russian criminals. Attackers use it primarily to run numerous scams, but also to attack other computers and steal access credentials or personal data.

Attackers apparently sell or lease infected computers to other cybercriminals as part of a kind of botnet rental service. Necurs is also known for spreading financial malware and ransomware, as well as malicious cryptocurrency mining software. Experts say the network has the capability to launch DDoS attacks at any time, although it usually does not.

To stop the cybercriminals and ensure that they cannot use key elements of the malicious infrastructure, the company used an algorithm to analyze one of the techniques used by the botnet. With this method, it was possible to predict more than 6 million online domains that would be created by Necurs in the next 25 months.

Microsoft reported the domains to their respective registries worldwide so that they could be blocked, thus preventing future attacks. In addition, the technology company has received permission from one of the District Courts of New York to take control of the North American portion of Necurs' infrastructure.

After disrupting Necurs, Microsoft will now help Internet service providers (ISPs) and other organizations around the world eliminate any trace of the botnet from their computer systems.