How Microsoft Dismantled the Infamous Necurs Botnet

At the height of its powers, Necurs was one of the most disruptive forces on the internet. A sort of Swiss Army botnet, over the years it has harnessed more than 9 million computers unwittingly under its control to send spam, distribute ransomware, attack financial institutions, and more. Last week, Microsoft pulled its plug.
Necurs has been silent lately—its most recent significant activity petered out last March—but it still has 2 million infected systems awaiting its next command. By disrupting what remains of the botnet—in coordination with law enforcement and internet service providers across 35 countries, and with the help of cybersecurity firms like BitSight and ShadowServer—Microsoft has effectively prevented Necurs from rising again.
“This disruption is the result of eight years of tracking and planning,” wrote Microsoft corporate vice president Tom Burt in a blog announcing the takedown, “and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure.” Microsoft declined to comment further, but the company has taken the lead on similar takedowns in the past, given the extent to which operations like Necurs threaten Windows devices and their users.

While botnets are often associated with distributed denial of service attacks, Necurs has a more diverse portfolio. “The reason the Necurs botnet is so pernicious is because the attackers managed to infect so many devices, and leverage this massive botnet for various purposes based on the fact it distributes many other types of malware,” says Yael Daihes, senior security researcher at the co ..