Microsoft has announced that it is about to put an end to Necurs, one of the most dangerous botnets in recent years.
Microsoft’s cyber-security crusade continues. After eight years of work, Cyber Threat Intelligence in collaboration with 35 countries is preparing to end the Necurs botnet located in the United States but of Russian origin, which infected a network of nine million PCs all over the world and distributed malware of all kinds every day.
“On Thursday March 5, the U.S. District Court for the Eastern District of New York issued an order allowing Microsoft to take control of the U.S.-based infrastructure used by Necurs to distribute malware and infect the victims’ computers. With this legal action and through a collaborative effort involving public-private partnerships around the world, Microsoft is conducting activities that will prevent the criminals behind Necurs from registering new domains for future attacks.
This was accomplished by analyzing a technique used by Necurs to systematically generate new domains through an algorithm. We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft said that these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet. “
Microsoft is also taking the extra step of partnering with Internet Service Providers (ISPs) and others around the world to rid their customers’ computers of malware associated with the Necurs botnet.
Microsoft monitors around 30 billion logins by over a billion users every day. According to the latest security statistics, infected PCs do not use accounts with two or more factor authentication in 99% of cases. The latter greatly limits the chances of being a victim of cyber-attacks that leverage the fragility of user passwords.