The decisive blow against the Necurs botnet was a technical one. Working with security researchers from around the world, Microsoft's analysts cracked the domain generation algorithm (DGA) with which Necurs continuously produced new rendezvous domains for its command-and-control infrastructure. Because the algorithm derives its domains deterministically, Microsoft and its partners were able to predict precisely the roughly five million domains Necurs would have generated in the following months.
Microsoft Cracks The Botnet's Main Algorithm
Once the algorithm had been cracked, Microsoft could report the domains that were still to be generated to the national registries and registrars. Those operators then blocked the domains in their systems so that they could never be registered by the operators and become part of the Necurs botnet. Microsoft also obtained an order from a US district court allowing it to take control of the parts of the botnet's infrastructure hosted in the United States. With that, the Necurs botnet is largely finished, as Microsoft writes in its security blog: the criminal operators lost access, at least to the botnet's key components.
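The paragraphs above describe the principle rather than the code, so here is an added illustration written for this article. It is not Microsoft's code and it is not the real Necurs DGA; it uses a deliberately simple, made-up algorithm (SHA-256 over a fixed seed, a four-day period counter and an index) purely to show the mechanism: the bot and the defender derive the same domains from the same inputs, so once the algorithm and seed are known the defender can enumerate the domains for months ahead and have them blocked or pointed at a sinkhole before the operators can register them. The seed, TLD list, period length, sinkhole address and the simulated resolver are all assumptions.

```python
"""Illustrative DGA plus the defender-side prediction used to block or
sinkhole its future domains. Made-up example for this article; NOT the
real Necurs algorithm and not Microsoft's code."""
import hashlib
from datetime import date, timedelta

# Assumed parameters of the sample DGA (not Necurs's real values).
SEED = 0x5EED
TLDS = ("com", "net", "biz", "info")
DOMAINS_PER_PERIOD = 8
PERIOD_DAYS = 4
SINKHOLE_IP = "192.0.2.1"   # RFC 5737 documentation address, standing in for a sinkhole


def dga_domains(day, seed=SEED, count=DOMAINS_PER_PERIOD):
    """Domains the sample bot tries on `day`.

    The same list is produced for every day inside one PERIOD_DAYS window,
    because the hash input only changes when the period counter changes.
    """
    period = day.toordinal() // PERIOD_DAYS
    out = []
    for i in range(count):
        h = hashlib.sha256(f"{seed}:{period}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in h[:12])   # 12 letters a-z
        out.append(f"{label}.{TLDS[h[12] % len(TLDS)]}")
    return out


def predict_domains(start, horizon_days, seed=SEED):
    """Defender side: enumerate every domain the DGA will produce from `start`
    for `horizon_days` days. This works only because the algorithm and seed
    are known and the sole remaining input is the calendar date."""
    predicted = set()
    for offset in range(horizon_days):
        predicted.update(dga_domains(start + timedelta(days=offset), seed))
    return predicted


def make_resolver(blocklist):
    """Simulated DNS: pre-registered (blocklisted) names resolve to the
    sinkhole; everything else is treated as unregistered (NXDOMAIN -> None)."""
    def resolve(name):
        return SINKHOLE_IP if name in blocklist else None
    return resolve


def bot_rendezvous(day, resolve, seed=SEED):
    """What an infected host does: walk today's candidate list and use the
    first name that resolves. Returns (domain, ip) or (None, None)."""
    for name in dga_domains(day, seed):
        ip = resolve(name)
        if ip is not None:
            return name, ip
    return None, None


def coverage(predicted, day, seed=SEED):
    """Fraction of a given day's DGA domains that the prediction covers."""
    todays = dga_domains(day, seed)
    return sum(1 for d in todays if d in predicted) / len(todays)


if __name__ == "__main__":
    start = date(2020, 3, 10)
    blocklist = predict_domains(start, 180)
    print(f"{len(blocklist)} domains to pre-register or block for the next 180 days")
    resolve = make_resolver(blocklist)
    inside = start + timedelta(days=90)
    print("bot on", inside, "->", bot_rendezvous(inside, resolve))
    print("coverage 400 days out:", coverage(blocklist, start + timedelta(days=400)))
```

The `coverage` check is the practical caveat: the takedown only holds as far as the prediction horizon reaches, so the blocklist has to be extended (and the registries re-notified) before the enumerated period runs out, and it fails entirely if the operators can change the seed or algorithm on already-infected hosts.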
The success was preceded by years of global investigative work. The Necurs botnet, which until recently comprised millions of infected computers worldwide, was first noticed 10 years ago. Microsoft's Digital Crimes Unit, with the support of other partners, began monitoring the botnet's activities and established that it was being used to distribute malware.
Necurs Was Subsequently Used For The Entire Range Of Botnet Crime
This included the distribution of Trojans and pump-and-dump stock scams. The portfolio also covered the classic sending of spam emails advertising counterfeit products. Microsoft illustrates the scale with a single example: one observed infected computer sent a total of around 4 million spam emails to millions of potential victims worldwide within 2 months.
In addition, the criminals used Necurs for cryptomining, ransomware distribution and financial fraud. According to Microsoft, the malware also contained a function for carrying out DDoS attacks, in which targeted servers are flooded with traffic until they become unavailable, but this capability had not yet been activated. The criminals are also said to have rented out access to their botnet, allowing other cybercriminals to use the capacity of the network of millions of devices for their own purposes.