Microsoft disrupts world's most dangerous network of 'zombie bots'


Berlin - Microsoft and partners from 35 countries have succeeded in disrupting the world's most dangerous botnet, Necurs, which the company says had infected more than 9 million computers. After eight years of preparation, the software giant and partners undertook coordinated legal and technical measures to disrupt access to the botnet, Microsoft corporate vice president Tom Burt wrote in a blog post late on Tuesday. Burt said Microsoft had succeeded in locking criminals out of key elements of the infrastructure needed to conduct cyberattacks. Botnets are made up of a network of many hacked devices. The malware they rely on can infect personal computers but also smart internet-connected devices such as household electronics. Necurs, the most active botnet worldwide, is one of the largest generators of spam emails, with victims in nearly every country.

During the Microsoft-led investigation into the botnet, one infected computer was observed sending out 3.8 million spam emails to more than 40.6 million potential victims over a period of 58 days.

Necurs is believed to be operated from Russia and has been implicated in a number of dating scams and fake spam emails.

It has also been implicated in so-called pump-and-dump stock scams, where investments in certain stocks are hyped up in order to artificially inflate the price to the benefit of the scammers.

Necurs has also been used to attack other computers, steal online account details, personal information and confidential data, Burt said.

Criminals were also thought to be selling or renting out access to the infected devices to other cybercriminals as part of a "botnet-for-hire" service.

The decisive blow came on March 5 after Microsoft received an order allowing it to take control of US-based infrastructure used by Necurs to distribute malware and infect devices.

Burt said the software giant had also succeeded in cracking the algorithm used by Necurs to generate new domains.

It then correctly predicted and blocked 6 million new domains before they could become part of the botnet infrastructure.

"By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet," Burt wrote.

Microsoft recommended that PC users who are concerned their devices may have been infected by the malware run the company's safety scanner.

dpa