
Microsoft takes down global zombie botnet


Microsoft has announced it has disrupted one of the world's most prolific botnets, Necurs. The software giant teamed up with partners in 35 countries to perform the takedown.

Botnets are networks of malware-infected computers that can be accessed remotely by cybercriminals and used to perform various attacks.

Necurs is said to have infected more than nine million devices worldwide, and has been used for a wide range of criminal activity, from pump-and-dump stock schemes and spam campaigns to financially targeted malware. The hacking group responsible for the botnet is believed to be based in Russia.

The botnet operators also rent out the network to other cybercriminals, allowing criminal customers to attack other devices and steal online credentials.

Necurs uses a domain generation algorithm (DGA) to produce pseudo-random domain names for use in future attacks. Microsoft and its partners were able to crack the Necurs DGA, allowing them to predict those domains in advance and prevent their registration.

The company used the recovered algorithm to predict over six million unique domains that the botnet would generate over the next 25 months.
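To make the defensive technique concrete, here is an added example (not Microsoft's or the Necurs operators' code): a constructed, hypothetical seed-and-date-based DGA, plus the defender-side function that, once the algorithm and seed are known, enumerates every domain the malware will generate over a future window so they can be pre-registered or sinkholed, and a lookup that checks a registration request or DNS query against that predicted set. The seed value, label lengths and TLD list are all assumptions for illustration.

```python
from __future__ import annotations
import hashlib
from datetime import date, timedelta

# Constructed, hypothetical DGA for illustration only; NOT the real Necurs algorithm.
TLDS = ("com", "net", "biz", "info")


def dga_domain(seed: int, day: date, index: int) -> str:
    """Derive one pseudo-random domain from a secret seed, the date and a counter.

    The malware and a defender who has recovered the seed compute the same
    value, which is exactly what makes prediction of future domains possible."""
    material = f"{seed}:{day.isoformat()}:{index}".encode()
    digest = hashlib.sha256(material).digest()
    length = 12 + digest[0] % 6                                   # label length 12..17
    label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
    return f"{label}.{TLDS[digest[-1] % len(TLDS)]}"


def predict_domains(seed: int, start: date, days: int, per_day: int) -> set[str]:
    """Enumerate every domain the DGA will produce from `start` for `days` days:
    the list a defender would pre-register or sinkhole ahead of the malware."""
    return {
        dga_domain(seed, start + timedelta(days=d), i)
        for d in range(days)
        for i in range(per_day)
    }


def is_predicted(domain: str, predicted: set[str]) -> bool:
    """Check a DNS query or registration request against the predicted set."""
    return domain.lower().rstrip(".") in predicted


def example_blocklist() -> set[str]:
    """Predicted domains for a constructed 30-day window (placeholder seed)."""
    return predict_domains(0x5EED, date(2020, 3, 10), days=30, per_day=4)


if __name__ == "__main__":
    future = example_blocklist()
    print(f"{len(future)} domains to pre-register or sinkhole over the next 30 days")
    for d in sorted(future)[:5]:
        print(" ", d)
```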

Microsoft obtained a court order that enabled the company to take over the botnet's infrastructure, the culmination of an investigation that had lasted eight years.

“By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet,” the company said.