Microsoft announced on Tuesday that it was in on the busting-up of Necurs: one of the world’s biggest, baddest, busiest botnets.
Some consider Necurs to be the largest botnet ever, with estimates from 2017 indicating that, at the time, it consisted of more than 6,000,000 infected computers. It’s metastasized in the last three years: Microsoft said that the malware has now infected more than nine million computers globally.
The majority of infected computers looked like they were in India, but almost every country in the world seemed to be affected. Necurs has been used to pump out multiple flavors of nastiness worldwide, with the notable exception of Russia: the malware deliberately avoided infecting computers set up to use a Russian keyboard.
Up until it temporarily went offline around December 2016, it was inflicting malware that included Locky ransomware. It got its wind knocked out for a few months, but when Necurs came back in March 2017, it started belching out a huge pump-and-dump scam.
In its blog post, Microsoft said that, along with partners, it’s been spending the past eight years tracking and planning to knock the knees off Necurs. Microsoft says that coordinated legal and technical steps to disrupt the network of zombified computers will…
…help to ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.
Microsoft says its Digital Crimes Unit, along with BitSight and others in the security community, first observed the Necurs botnet in 2012. Besides Locky and the pump-and-dump scam, Necurs has also been used by crooks to distribute the GameOver Zeus banking Trojan, fake pharmaceutical spam email and Russian dating scams.
Unsurprisingly, given that it’s tiptoed around computers using Russian keyboards in the past, Necurs is thought to be operated by Russian crooks. Besides the ransomware and the spam, the botnet has also been used as an attack dog, sent to jump on other computers on the internet and to steal credentials for online accounts, people’s personally identifiable information (PII), and other confidential data.
Microsoft says that Necurs’ operators also sell or rent access to their zombie computers to other crooks – what’s known as a botnet-for-hire service. The botnet has also been used to distribute financially targeted malware and cryptomining. It also has the capability of being used to launch a distributed denial of service (DDoS) attack. Its operators haven’t flipped the switch on that – yet. They could activate that capability at any time, Microsoft says.
Necurs has been a powerful force of yuck: Microsoft says that during one 58-day period, its staff watched as one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.
How did they castrate that bull?
The trick was to grab it by its algorithm. Microsoft says it’s been heading up activities that will keep the crooks behind Necurs from registering new domains to execute attacks in the future – a feat that was accomplished by analyzing how Necurs systematically generates new domains through an algorithm.
From its post:
We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.
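The prediction Microsoft describes works because a domain generation algorithm (DGA) is deterministic: give it the same seed and the same date and it produces the same domains, so whoever knows the algorithm can compute the rendezvous points in advance and register or block them. The block below is an added illustration, not Microsoft's code and not the real Necurs algorithm: it uses a hypothetical date-seeded DGA built on SHA-256, a hypothetical seed value, and constructed DNS resolver log lines to show both halves of the technique, pre-computing the future domain set and then matching live lookups against it.

```python
import hashlib
import re
from datetime import date, timedelta

# Constructed example: a toy date-seeded DGA. This is NOT the Necurs
# algorithm; it only shows why a DGA becomes predictable once the
# algorithm and its seed have been recovered from a sample.
TLDS = ("com", "net", "biz", "info")
DOMAINS_PER_DAY = 8


def dga_domains(day: date, seed: int, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Return the `count` rendezvous domains the bot would try on `day`.

    The bot and a defender who knows `seed` compute the same list, because
    the only inputs are the calendar date and the hard-coded seed.
    """
    domains = []
    for i in range(count):
        material = f"{seed}:{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        # 12 pseudo-random lowercase letters, then a TLD chosen from the digest
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[12] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def predict_domains(start: date, days: int, seed: int) -> set[str]:
    """Pre-compute every domain the DGA will emit from `start` for `days` days.

    This is the defender's side: the resulting set is what gets handed to
    registries for pre-emptive blocking or registered as sinkholes.
    """
    predicted: set[str] = set()
    for offset in range(days):
        predicted.update(dga_domains(start + timedelta(days=offset), seed))
    return predicted


# Hypothetical resolver log format: "<timestamp> <resolver> client=<ip> query=<qname>."
DNS_LOG_RE = re.compile(r"^\S+ \S+ client=(?P<client>\S+) query=(?P<qname>\S+)\.$")


def flag_dga_lookups(log_lines: list[str], predicted: set[str]) -> list[tuple[str, str]]:
    """Return (client, qname) pairs whose qname is one of the predicted DGA domains."""
    hits = []
    for line in log_lines:
        m = DNS_LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        qname = m.group("qname").lower()
        if qname in predicted:
            hits.append((m.group("client"), qname))
    return hits


if __name__ == "__main__":
    seed = 0x5EED  # hypothetical seed, as if recovered from a malware sample
    start = date(2020, 3, 5)
    blocklist = predict_domains(start, 30, seed)
    print(f"{len(blocklist)} domains to pre-register or block over 30 days")
    # Constructed log lines: one host resolves a domain from day 12's list.
    sample = [
        "2020-03-17T08:01:02Z resolver01 client=10.0.0.23 query=www.example.com.",
        "2020-03-17T08:01:05Z resolver01 client=10.0.0.42 "
        f"query={dga_domains(date(2020, 3, 17), seed)[3]}.",
    ]
    for client, qname in flag_dga_lookups(sample, blocklist):
        print(f"{client} looked up predicted DGA domain {qname}")
```

The same property that makes the botnet resilient to takedown of any single domain is what makes it vulnerable to this approach: once the seed is known, the 25-month list Microsoft mentions is just a longer loop over `predict_domains`. A real DGA will usually mix in additional inputs (a per-campaign constant, a date granularity other than one day) and may rotate seeds, which is why prediction has to be redone whenever a new sample changes the algorithm.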
Microsoft also had help from the courts: on 5 March, the US District Court for the Eastern District of New York issued an order enabling the company to seize the US-based infrastructure Necurs uses to distribute malware and infect computers.
The next step is to work with ISPs to scrub Necurs malware off victimized computers, an effort that also involves law enforcement, government Computer Emergency Response Teams (CERTs) and other government agencies. Microsoft says it’s working with domain registries, government CERTs and law enforcement in Mexico, Colombia, Taiwan, India, Japan, France, Spain, Poland and Romania, among others.
Want to make sure you’re free of malware? Microsoft suggests you head over to its Safety Scanner: a tool that helps to remove malware from Windows systems. Sophos also has its free Virus Removal Tool, as well as free tools for protecting both Windows and Mac systems.