Microsoft Hijacks Necurs Botnet that Infected 9 Million PCs Worldwide



Microsoft today announced that it has successfully disrupted the Necurs malware botnet, which has infected more than 9 million computers globally, and has also hijacked the majority of its infrastructure.

The latest botnet takedown was the result of a coordinated operation involving international police and private tech companies across 35 countries.

The operation succeeded after researchers broke the domain generation algorithm (DGA) implemented by the Necurs malware, which had helped it remain resilient for a long time.

A DGA is a technique for unpredictably generating new domain names at regular intervals, helping malware authors continuously switch the location of their C&C servers and maintain uninterrupted communication with infected machines.

“We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure,” Microsoft said.
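As an added illustration (not part of the original article, and not the Necurs algorithm, which the article does not describe): once a DGA has been recovered, a defender can enumerate the domains it will produce over a future window and match them against DNS query logs. The generator `toy_dga`, its rotation interval, TLD set and the log format are all constructed assumptions.

```python
import hashlib
from datetime import date

# Constructed stand-in for a recovered DGA. This is NOT the Necurs algorithm;
# every parameter below is an assumption made for the example.
EPOCH = date(2020, 1, 1)
PERIOD_DAYS = 4            # assumed rotation interval
DOMAINS_PER_PERIOD = 8     # assumed number of domains per interval
TLDS = ("com", "net", "org")

def toy_dga(period, index):
    """Deterministically derive one domain from the period number and index."""
    digest = hashlib.sha256(f"{period}:{index}".encode()).digest()
    label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
    return f"{label}.{TLDS[digest[12] % len(TLDS)]}"

def predict_domains(start, days):
    """Enumerate every domain the generator will emit in [start, start+days)."""
    first = (start - EPOCH).days // PERIOD_DAYS
    last = ((start - EPOCH).days + days - 1) // PERIOD_DAYS
    return {toy_dga(p, i)
            for p in range(first, last + 1)
            for i in range(DOMAINS_PER_PERIOD)}

def flag_queries(log_lines, blocklist):
    """Return (client, qname) for DNS queries whose name is on the blocklist."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines
            continue
        _, client, qname = parts
        if qname.rstrip(".").lower() in blocklist:
            hits.append((client, qname))
    return hits

# Constructed DNS query log: "<timestamp> <client> <qname>".
SAMPLE_LOG = [
    "2020-03-13T09:02:11Z 10.0.0.17 www.example.com.",
    f"2020-03-14T02:11:09Z 10.0.0.23 {toy_dga(18, 3).upper()}.",
    "2020-03-14T02:11:10Z 10.0.0.23 mail.example.org.",
    "truncated-line",
]

if __name__ == "__main__":
    blocklist = predict_domains(date(2020, 3, 10), 8)
    print(len(blocklist), "domains predicted")
    for client, qname in flag_queries(SAMPLE_LOG, blocklist):
        print("possible infected host:", client, "queried", qname)
```

Because the generator is deterministic, the predicted set can be handed to registries or a sinkhole ahead of time, and any internal host resolving one of the names is a candidate for investigation.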

Additionally, with the help of court orders, Microsoft has also obtained control over the U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers.


“By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.”

First detected in 2012, Necurs is one of the world’s most prolific spam botnets; it infects systems with banking malware, cryptojacking malware, and ransomware, and then further abuses them to send out massive amounts of spam email to new victims.

To avoid detection and maintain persistence on targeted machines, Necurs utilizes its kernel-mode rootkit to disable a large number of security applications, including Windows Firewall.

Necurs was noticed mainly in 2017, when it started spreading Dridex and Locky ransomware at a rate of 5 million emails per hour to computers across the globe.

“From 2016 to 2019, it was the most prominent method to deliver spam and malware by criminals and was responsible for 90% of the malware spread by email worldwide,” researchers at BitSight said in a separate report published today.

“During 58 days of investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims,” Microsoft said.

In some cases, the attackers even started blackmailing victims for a ransom, claiming to have knowledge of an extramarital affair and threatening to send proof to the victim’s spouse, family, friends, and co-workers.

According to the latest stats published by researchers, India, Indonesia, Turkey, Vietnam, Mexico, Thailand, Iran, the Philippines, and Brazil are the top countries that have been hit by Necurs malware.




