Berlin - Microsoft and partners from 35 countries have
succeeded in disrupting the world's most dangerous botnet, Necurs,
which the company says had infected more than 9 million computers.
After eight years of preparation, the software giant and partners
undertook coordinated legal and technical measures to disrupt access
to the botnet, Microsoft corporate vice president Tom Burt wrote in a
blog post late on Tuesday.
Burt said Microsoft had succeeded in locking criminals out of key
elements of the infrastructure needed to conduct cyberattacks.
Botnets are made up of a network of many hacked devices. The malware
they rely on can infect personal computers but also smart
internet-connected devices such as household electronics.
Necurs, the most active botnet worldwide, is one of the largest
generators of spam emails, with victims in nearly every country.
During the Microsoft-led investigation into the botnet, one infected
computer was observed sending out 3.8 million spam emails to more
than 40.6 million potential victims over a period of 58 days.
Necurs is believed to be operated from Russia and has been implicated
in a number of dating scams and fake spam emails.
It has also been implicated in so-called pump-and-dump stock scams,
where investments in certain stocks are hyped up in order to
artificially inflate the price to the benefit of the scammers.
Necurs has also been used to attack other computers, steal online
account details, personal information and confidential data, Burt
said.
Criminals were also thought to be selling or renting out access to
the infected devices to other cybercriminals as part of a
"botnet-for-hire" service.
The decisive blow came on March 5 after Microsoft received an order
allowing it to take control of US-based infrastructure used by Necurs
to distribute malware and infect devices.
Burt said the software giant had also succeeded in cracking the
algorithm used by Necurs to generate new domains.
It then correctly predicted and blocked 6 million new domains before
they could become part of the botnet infrastructure.
"By taking control of existing websites and inhibiting the ability to
register new ones, we have significantly disrupted the botnet," Burt
wrote.
Microsoft recommended that PC users who are concerned their devices
may have been infected by the malware run the company's safety
scanner.