In 2017 it was reported that Necurs was being used to spread malware that took screenshots and gathered data, while in August 2018 the botnet was being used to target banks in a massive phishing campaign.
A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. This automated network infected as many as nine million computers, which were then used as endpoints to distribute malicious emails and malware.
Microsoft and partners have announced a major breakthrough in the fight against hackers today (March 10), with the takedown of the prolific Necurs botnet.
During a 58-day period, one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.
Describing the spread of Necurs, Microsoft says that its victims can be found in almost every country.
The botnet has also been used to distribute financially targeted malware and cryptomining.
Additionally, with the help of court orders, Microsoft has also obtained control over the US-based infrastructure Necurs uses to distribute malware and infect victim computers.
The takedown effort came after Microsoft and industry partners broke Necurs' domain generation algorithm (DGA), the component the operators used to automatically generate new, random-looking domain names for the bots to contact. By cracking the DGA, Microsoft and its partners could predict which domains Necurs would use next and prevent them from being registered.
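The defensive workflow described above, as an added example that is not from the article or from Microsoft: once a DGA has been reverse-engineered, defenders can compute the domains the bots will query over a coming period and hand that list to registries for blocking, sinkholing or pre-registration. The DGA below is a hypothetical stand-in invented for this example (a SHA-256 mix of a seed, a period start date and an index); it is not the real Necurs algorithm, whose details the article does not give.

```python
"""Defender-side DGA prediction (added example, hypothetical DGA)."""
from __future__ import annotations
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "biz")          # constructed sample TLD rotation
EPOCH = date(2020, 1, 1)              # constructed anchor for period rotation


def dga_domain(seed: int, period_start: date, index: int) -> str:
    """Hypothetical DGA: one domain from (seed, period start, index).
    The seed stands in for the secret a reverse-engineer would recover."""
    material = f"{seed}:{period_start.isoformat()}:{index}".encode()
    digest = hashlib.sha256(material).digest()
    # 12 lowercase letters drawn from the digest, then a TLD from the next byte
    label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
    return f"{label}.{TLDS[digest[12] % len(TLDS)]}"


def period_start(d: date, period_days: int) -> date:
    """Bots in this toy DGA rotate domains every `period_days` since EPOCH."""
    offset = (d - EPOCH).days // period_days * period_days
    return EPOCH + timedelta(days=offset)


def predict_domains(seed: int, start: date, days_ahead: int,
                    per_period: int = 4, period_days: int = 4) -> list[str]:
    """Every domain the bots would query from `start` for `days_ahead` days.
    This is the blocklist a defender gives to registries and registrars."""
    seen: list[str] = []
    end = start + timedelta(days=days_ahead)
    d = start
    while d < end:
        ps = period_start(d, period_days)
        for i in range(per_period):
            dom = dga_domain(seed, ps, i)
            if dom not in seen:
                seen.append(dom)
        d = ps + timedelta(days=period_days)   # jump to the next period
    return seen


def is_dga_domain(domain: str, seed: int, on: date, window: int = 8) -> bool:
    """Detection helper: does a DNS query seen on `on` match a predicted domain?
    Checks a window around the date to tolerate clock skew on infected hosts."""
    return domain in predict_domains(seed, on - timedelta(days=window // 2), window)


if __name__ == "__main__":
    for dom in predict_domains(seed=1, start=date(2020, 3, 9), days_ahead=8):
        print(dom)
```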
In parallel with the technical work, Microsoft coordinated a global campaign involving the courts, other tech companies, ISPs, domain registries, government computer emergency response teams and law enforcement.
The main counterstrike was launched Tuesday from what a detailed New York Times account described as an "eerily empty Microsoft campus" due to most workers having been ordered home to prevent the spread of the coronavirus.
"The real takeaway has to be that general standards of cyber-security and hygiene overall, particularly in relation to IoT, are clearly now inadequate", he said.
"By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet", the company said. "So much so that botnets of millions of machines can successfully operate daily over many years". "Prevention is clearly better than a cure as Necurs and Emotet, as only two examples, have operated with relative impunity for years".