Microsoft has taken a major step towards stopping the malware distributor, Necurs botnet. The computerized network cybercriminals in Russia is renowned for some of the nastiest viruses out there including Locky, RockLoader, Bart, and Globeimposter.
The malware distributor is reported to have attacked over 9 million computers worldwide, which were then used as endpoints to send out further emails and malware.
According to IBM, “it delivers some of the worst banking trojans and ransomware threats in batches of millions of emails at a time, and keeps reinventing itself.”
The operation has been eight years in the making which saw Microsoft collaborating with allies in more than thirty-five countries around the globe, along with cybersecurity company BitSight. The takedown has left all Necurs networks inoperative for about a year, the longest dormant period to date, however still leaving about 2 million computers infected.
Microsoft explained that over two months, “we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.” The action taken, it says, “helps ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.”
Once becoming an endpoint, cybercrimes can take place with the system capable of credential theft, financial and romance scams, cryptomining and spam mail. The criminals behind Necurs botnet, meaning networks of bots, also sublet their technology to others with the same sinister intentions.
By Microsoft anticipating individual domains that would have been initiated within the next twenty-five months, they were able to alert the relevant parties and block the activity, thus interrupting botnet’s standard way of operation.
While Microsoft has served the cybercriminals a big hit, their work is far from over as they embark on removing the malware from computers globally by working alongside internet service providers and law enforcement.