Microsoft has coordinated the take down of one of the world’s most prolific botnets after eight years of tracking a cyber criminal network.
The Necurs botnet infected more than nine million computers globally and was being used to distribute several forms of highly advanced malware.
It was used to target tens of millions of potential victims through spam emails pushing everything from pump-and-dump stock scams, to “Russian dating” scams.
Download the new Independent Premium app
Sharing the full story, not just the headlines
Botnets make use of security vulnerabilities in computers and other internet-connected devices in order to form a powerful network capable of carrying out cyber crimes.
Microsoft’s Digital Crimes Unit, together with partners across 35 countries, began tracking the botnet in 2012.
In a blog post detailing the operation, Microsoft attributed Necurs to criminals based in Russia.
“The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world,” Microsoft’s Tom Burt wrote.
“During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims… It has also been used to attack other computers on the internet, steal credentials for online accounts, and steal people’s personal information and confidential data.”
The criminals behind Necurs were also profiting from their cyber weapon by offering it to other hackers as part of a botnet-for-hire service.
Last week, a US court issued an order enabling Microsoft to take control of US infrastructure that was being used to build the botnet and infect victims with malware.
This legal step triggered action that saw Microsoft take control of domains and stop new ones from being registered, thus preventing the Necurs from being used to execute cyber attacks.