Microsoft has just taken down the world's largest botnet

Thanks to collaboration between Microsoft and partners in 35 countries around the world, this botnet may be disabled for the next 25 months.

According to the announcement on March 10, Microsoft and its partners have achieved a breakthrough in the fight against hackers by taking down the Necurs botnet, one of the largest malicious botnets in the world. The botnet has infected more than 9 million computers, which it uses as endpoints to distribute malware and malicious emails. From 2016 to 2019, the Necurs botnet was responsible for 90% of the malware distributed by email worldwide.

The attempt to bring down the botnet came after Microsoft and its security partners broke the Necurs DGA (short for Domain Generation Algorithm), the component that produces the random domain names this botnet uses for its attacks.

Figure: Locations of computers infected with Necurs malware around the world

Breaking this algorithm allows Microsoft and its partners to build a list of the server domain names that Necurs will use in the future (about 6 million domain names will be generated in the next 25 months), so that they can be blocked from the beginning and the Necurs team prevented from registering and using them.
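The following added example (not from the original article, and not the Necurs algorithm) shows why a recovered DGA lets defenders get ahead of a botnet: a deterministic generator can be run forward over the 25-month window and the output matched against DNS query logs. The generator `toy_dga`, its seed, the log format and the sample lines are all constructed for illustration.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for a recovered DGA. This is NOT the Necurs algorithm;
# it only shares the property that matters: output depends on known inputs.
SEED = b"constructed-seed"
TLDS = ("com", "net", "org")

def toy_dga(day, index):
    """Derive one domain deterministically from (seed, date, index)."""
    material = SEED + day.isoformat().encode() + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).digest()
    length = 8 + digest[0] % 8                      # label of 8..15 letters
    label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
    return f"{label}.{TLDS[digest[31] % len(TLDS)]}"

def precompute(start, days, per_day):
    """Map each domain the generator will emit in the window to its first active date."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for i in range(per_day):
            table.setdefault(toy_dga(day, i), day)
    return table

def flag_queries(log_lines, table):
    """Return (client, domain, active_date) for DNS queries that hit the list."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:                         # skip malformed lines
            continue
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()           # normalise case and root dot
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

# Roughly 25 months from the announcement date; 4 domains per day is an assumption.
TABLE = precompute(date(2020, 3, 10), days=760, per_day=4)

# Constructed DNS log lines: "<timestamp> <client> <queried name>".
SAMPLE_LOG = [
    "2020-03-11T08:00:01Z 192.0.2.5 www.example.com.",
    f"2020-03-11T08:00:02Z 192.0.2.23 {toy_dga(date(2020, 3, 11), 2).upper()}.",
    "truncated entry",
]

if __name__ == "__main__":
    for client, domain, active in flag_queries(SAMPLE_LOG, TABLE):
        print(f"{client} queried {domain} (listed for {active})")
```

The same precomputed table serves registrars, who can refuse or sinkhole the names before they are registered, and network defenders, who can use a hit as a sign that a client is likely infected.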

Microsoft said the downfall of the network was the result of "eight years of monitoring and planning" as well as collaboration with its partners, including cybersecurity firms such as BitSight, ISPs (internet service providers), domain registrars and law enforcement forces in 35 different countries.

In a separate statement, BitSight said its actions affected "all Necurs networks (11 networks)", which appear to have been down for 12 months, the longest period. So far, about 2 million computers have been infected with the malware.

The actions of Microsoft and its partners helped "ensure that criminals behind this network will no longer be able to use their network infrastructure to execute cyber attacks."

First seen in 2012, Necurs has become one of the largest email spam botnets ever. A botnet is a network of computers that have been infected with a malware module, in this case the Necurs malware. The Necurs spam module runs on the victim's computer and uses its resources to send a huge amount of spam email every day.

Microsoft said the target victims of Necurs were in "almost every country in the world. In our 58-day investigation, we discovered that a malware infected by Necurs has sent a total of 3.8 million spam emails to about 40.6 million potential victims."

Now the job of Microsoft and its partners is to clean up the mess that Necurs and the hackers who run the network leave behind. Microsoft is working with ISPs and law enforcement forces around the world to remove the malware from client computers connected to this botnet.

References Forbes, ZDNet
