A botnet is a group of PCs controlled by cybercriminal through a malicious software, or malware. Cybercriminals will use these PCs to commit crimes. Microsoft and its partners across 35 countries today announced that they have disrupted Necurs, one of the world’s most prolific botnets. Necurs botnet has infected more than nine million computers globally. Disruption of Necurs is a huge victory as it took eight years of tracking and planning.
Some key information about Necurs:
- During a 58-day period, one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.
- Necurs botnet is believed to be operated by criminals based in Russia.
- In addition to email spams, Necurs was also used for pump-and-dump stock scams, fake pharmaceutical spam email and “Russian dating” scams.
- Criminals behind Necurs botnet sell or rent access to the infected computer devices to other cybercriminals as part of a botnet-for-hire service.
- Necurs botnet is also known for distributing financially targeted malware and ransomware, cryptomining, and even has a DDoS (distributed denial of service) capability that has not yet been activated but could be at any moment.
To disrupt Necurs, Microsoft worked with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland and Romania, among others.