Microsoft stopped a botnet that affected more than 9 MILLION computers

Microsoft has disrupted a Russian botnet that infected more than 9 MILLION computers with malicious software that was used for a wide range of internet fraud

  • Microsoft has disrupted one of the world’s largest and longest running botnets
  • The Necurs botnet was based in Russia and affected 9 million computers
  • It had been used to for fake pharmaceutical schemes, Russian brides, and more

Microsoft has taken down one of the world’s largest and longest-running botnets, an illicit network of ‘zombie’ computers high-jacked by malware and used for a wide variety of fraudulent phishing schemes without their owners knowledge.

The takedown operation was a collaboration between Microsoft’s Digital Crimes Unit, cybersecurity firm BitSight, and a number of other partners in 35 different countries.

The botnet, called Necurs, had spread to more than nine million computers over the course of eight years, using the surplus processing power of infected devices for mass emailing campaigns and other fraudulent activity that further spreads the network’s reach.

Microsoft has taken down Necurs, an eight year-old botnet that is believed to have infected nine million computers across 35 countries with malicious malware

According to a blog post by Microsoft’s Tom Burt, Corporate Vice President of Customer Security and Trust, the botnet was based in Russia and was linked to the infamous 2014 GameOver Zeus attack that saw more than $100milliion stolen from bank accounts. 

Other schemes included ‘pump and dump’ operations, where false news about stocks are circulated in an attempt to raise the price so that investors can then sell their shares off at a profit.

There were also fake pharmaceutical promotions, and a Russian bride email schemes used to trick people into disclosing personal information.

In addition to organizing their own illicit campaigns through the network of infected computers, it appears the Necurs group also rented out the botnet to others who wanted to conduct illegal schemes.

The final take down took place after a US District Court for the Eastern District of New York issued an order allowing Microsoft to take action against the group.

Microsoft executed the take down operation by identifying an algorithm the network used to automatically generate new web domains to promote as part of its fraudulent email campaigns.

Necurs secretly installed software on unwitting users computers and used their surplus processing power for a range of fraudulent activity, including phishing schemes to steal personal information and ‘pump and dump’ schemes meant to increase the price of a stock with false or misleading information

Microsoft created a list of more than six million domains it predicted the botnet’s algorithm would attempt to register in the coming weeks and months. 

It then shared the list with internet service providers around the world to block the domain registration attempts and break up the network’s capacity to attack.

Some common signs of malware include programs taking more time to open than normal, regular system crashes, and your computer hard drive storage filling up at random times.


A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices that are infected and controlled by a common type of malware.

Users are often unaware of a botnet infecting their system. 

Once a botnet’s owner is in control of your computer, they can use your machine in combination with others, over a network called a botnet, to carry out other nefarious tasks.

There are a number of common tasks executed by botnets including:

– Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites. 

– Emailing spam out to millions of Internet users.

– Generating fake Internet traffic on a third-party website for financial gain. 

– Replacing banner ads in your web browser specifically targeted at you. 

– Pop-ups ads designed to get you to pay for the removal of the botnet through a fake anti-spyware package.

Source: Read Full Article