Microsoft and partners have announced a major breakthrough in the fight against hackers today (March 10), with the takedown of the prolific Necurs botnet. This automated network infected as many as nine million computers, which were used as endpoints to distribute dangerous emails and malware. Between 2016 and 2019, the Necurs network was likely responsible for 90% of the world’s email-distributed malware.
This takedown came as a result of “eight years of tracking and planning,” Microsoft says, and involved its Digital Crimes Unit, BitSight, and other partners across 35 countries. In a separate announcement, BitSight claims the action has impacted “all [eleven] Necurs botnets,” networks that have appeared dormant for around 12 months, longer than ever before, yet have left 2 million systems infected.
Taking spam email as an example of the scale of the threat here, Necurs targeted victims “in nearly every country in the world. During a 58-day period in our investigation,” Microsoft says, “we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.” The action taken, it says, “helps ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.”
Botnets, or networks of bots, are large numbers of compromised computers that become connected endpoints through which criminal activity can take place. In essence, your PC becomes a tool for the criminal network to use for dropping malware (such as GameOver Zeus, Dridex, Locky and Trickbot), sending spam emails, running romance and financial scams, stealing credentials and cryptomining.
Back in 2017, IBM said of Necurs that “it militarizes up to 6 million zombie endpoints, delivers some of the worst banking trojans and ransomware threats in batches of millions of emails at a time, and keeps reinventing itself… Necurs is indirectly responsible for a major chunk of cybercrime and the losses it produces.”