Microsoft Cracks Infrastructure of Infamous Necurs Botnet

Necurs Botnet Takedown


Microsoft says it managed to disrupt the Necurs botnet by taking control of the U.S.-based infrastructure that the botnet has been using to conduct its malicious activities.


Necurs is a peer-to-peer (P2P) hybrid botnet that uses a Domain Generation Algorithm (DGA) to ensure bots can always connect to a command and control (C&C) server. The botnet has been around since at least 2012 and has grown to become one of the most prolific botnets in existence.


Believed to be operated by Russian cybercriminals, Necurs has been used for a broad range of malicious activity, including pump-and-dump stock scams, spam emails, credential and personal information theft, and the distribution of malware families such as GameOver Zeus, Dridex, Locky, Trickbot and others.


Additionally, the botnet operators are believed to be selling access to infected systems to other cybercriminals as part of a botnet-for-hire service. Necurs also has distributed denial of service (DDoS) capabilities, but it hasn’t been used for this type of attack as of now. 


During the first seven days of March 2020, there were over 660,000 Necurs infections observed worldwide (based on the number of IPs reaching sinkholes), with India, Indonesia, and Turkey being affected the most, according to BitSight.


The security firm also says it has identified eleven Necurs botnets, with four of them accounting for most of the activity. The botnets have been largel ..
