Microsoft helped to disable world’s largest botnet

by Eric Frederiksen, from Techreport (#50P36)

Sometimes David can take down Goliath, but other times you need one giant to kill another. Microsoft, in conjunction with partners in 35 other countries, has taken down one of the world's largest botnets, the company reported on its official blog this week. The company has taken steps to disrupt the Necurs botnet, which has infected over nine million computers across the world.

The Necurs botnet has been in service for years. To give an idea of its size, Microsoft highlights a 58-day investigation period:

"The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world. During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."

Authorities believe the Necurs botnet operates out of Russia. The botnet dumps out spam at an unprecedented rate, but that's not all. Criminals have used the Necurs botnet to steal credentials and distribute ransomware, and it even has a DDoS capability that Microsoft says has not yet been activated.

Working with authorities, domain registrars, and ISPs, Microsoft is helping to take a few measures to disrupt the botnet. First, the company took control of the botnet's US-based infrastructure. The company is working with ISPs around the world to help rid users in other countries of the malware associated with the botnet.

Next, the company analyzed the algorithm the botnet uses to generate new domains and has reported those domains to registrars around the world. Blocking these domains will stymie the rate at which the botnet can propagate and send out more junk.

Microsoft is hard at work

Between the fact that Windows is on most of the user-end computers around the world and that the company has such a widespread service infrastructure, it makes sense that Microsoft would have both great interest in and insight into a large botnet like this. This is the second big move Microsoft has made in cybersecurity in the last few months, having previously taken down a bunch of North Korean hacker domains. This makes the 850,000-computer botnet that French police took down last year feel small by comparison, but both should go a long way toward making the internet safer, faster, and cleaner.

The post Microsoft helped to disable world's largest botnet appeared first on The Tech Report.
