Necurs Botnets Busted

Eleven Necurs botnets, which infected more than nine million computers since 2012, have been severely disrupted. 





The botnets were dealt a blow through the joint efforts of BitSight, Microsoft's Digital Crimes Unit (DCU), and partners across 35 countries who today took coordinated legal and technical steps to disrupt Necurs. 





The disruption was the result of years of study focused on Necurs malware, its botnets, and its command and control infrastructure. Researchers performed forensic analysis, reverse engineering, and malware analysis; tracked module updates, infection telemetry, and command and control updates; and analyzed a technique Necurs uses to systematically generate new domains through an algorithm. 





“We were then able to accurately predict over six million unique domains that would be created in the next 25 months,” said a Microsoft DCU spokesperson. 





The domains were reported to their respective registries in countries around the world so the websites could be blocked and prevented from becoming part of the Necurs infrastructure.





Evidence found by researchers suggests that the botnets were controlled by a single group. Of the eleven Necurs botnets discovered, four were found to be responsible for approximately 95% of all infections.





Necurs was first spotted rearing its ugly head in 2012. Over the years, the malware has been used to support a wide range of illegal activities, but its main function has been to deliver other malware.





Malware dropped by Necurs has included GameOver Zeus, Dridex, Locky, and Trickbot, among others. 





After infecting a system, Necurs is programmed to weaken its security to protect it ..
