Microsoft predicted and blocked six million domains that could have been used for cybercrime.
Today, Microsoft and partners from 35 countries took steps to disrupt a botnet behind the world’s largest cybercrime network. The botnet, Necurs, has infected an estimated nine million computers worldwide, and it’s one of the largest spam email networks, generating as many as 3.8 million spam emails in a two-month period.
To disrupt Necurs, Microsoft analyzed the algorithm the botnet used to generate new domains. It then predicted over six million domains that would be created in the next 25 months and reported them to registries around the world so that they could be blocked, preventing future attacks.
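The prediction step described above, from the defender's side, as an added example that is not Microsoft's code and not the Necurs algorithm: once a date-seeded generator is understood, every domain it will produce in a window can be computed ahead of time and matched against DNS logs. The seed, period length, reserved TLDs, log format and sample log lines are all constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in parameters, not taken from the page or from Necurs.
SEED = b"example-seed"
TLDS = ("example", "test", "invalid")  # reserved TLDs, never resolvable
DOMAINS_PER_PERIOD = 8
PERIOD_DAYS = 4

def period_start(day):
    """Snap a date to the first day of its generation period."""
    return day - timedelta(days=day.toordinal() % PERIOD_DAYS)

def domains_for_period(day):
    """Deterministically derive the period's domains from the seed and date."""
    start = period_start(day).isoformat().encode()
    out = []
    for i in range(DOMAINS_PER_PERIOD):
        digest = hashlib.sha256(SEED + start + bytes([i])).digest()
        length = 8 + digest[0] % 8  # label of 8 to 15 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return out

def predict(first_day, last_day):
    """Map every domain generated in [first_day, last_day) to its period."""
    predicted, day = {}, period_start(first_day)
    while day < last_day:
        for name in domains_for_period(day):
            predicted.setdefault(name, day)
        day += timedelta(days=PERIOD_DAYS)
    return predicted

def flag_queries(log_lines, predicted):
    """Return (client, domain, period) for queries to predicted domains."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()  # normalise FQDN dot and case
        if qname in predicted:
            hits.append((client, qname, predicted[qname]))
    return hits

def demo():
    """Run the matcher over a constructed three-line DNS query log."""
    blocklist = predict(date(2020, 3, 10), date(2022, 4, 10))  # 25 months
    target = domains_for_period(date(2021, 1, 5))[0]
    log = ["2021-01-05T09:14:01Z 10.0.0.5 www.example.org.",
           f"2021-01-05T09:14:02Z 10.0.0.7 {target.upper()}.",
           "2021-01-05T09:14:03Z 10.0.0.9 intranet.example.net."]
    return flag_queries(log, blocklist)
```

A client that queries a predicted name before the name's period begins, or after it ends, is still worth investigating, since infected hosts with wrong clocks generate out-of-window names.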
Today’s action, Microsoft says, is the result of eight years of planning. Microsoft and its cybercrime-fighting cohorts first observed Necurs in 2012 and have seen it distribute malware like GameOver Zeus, which authorities squashed in 2014. It’s likely been involved in stock scams, fake pharmaceutical spam emails and “Russian dating” scams, and authorities believe it’s operated by Russia-based cybercriminals.
Last week, a US District Court issued an order that allowed Microsoft to take control of the US-based Necurs infrastructure. In addition to blocking new domains from being registered, Microsoft is working with internet service providers (ISPs) to help remove Necurs malware from their customers’ computers.