Microsoft Took Down 'Necurs', The Prolific Botnet That Infected Millions Of Machines

10/03/2020

Botnets are illicit networks of ‘zombie’ computers, compromised by cyber criminals using malware. They are designed to obey only the criminals, and can operate without the computer owners' knowledge.

Microsoft said that it has taken down one of the world’s largest and longest-running botnets.

The takedown operation was a collaboration between Microsoft’s Digital Crimes Unit, cybersecurity firm BitSight, and a number of other partners in 35 different countries.

The botnet, called Necurs, had spread and infected more than 9 million computers in the course of 8 years.

Using the zombie computers, cyber criminals leveraged their victims' processing power to run mass emailing campaigns and other fraudulent activity that further spread the network’s reach.

The cyber criminals are also said to have used the botnet to run "pump and dump" operations, in which they create false news and spread it using the botnet to try to raise the price of certain stocks, or to make them plummet. There were also fake pharmaceutical promotion campaigns, and "Russian bride" email schemes that were used to trick victims into disclosing their personal information.

The Necurs botnet has infected millions of devices, with many coming from developing countries like India and Indonesia.

Microsoft’s Tom Burt, Corporate Vice President of Customer Security and Trust, said in a blog post:

"Necurs is also known for distributing financially targeted malware and ransomware, cryptomining, and even has a DDoS (distributed denial of service) capability that has not yet been activated but could be at any moment."

The botnet was based in Russia and was linked to several forms of malware, including the GameOver Zeus banking trojan, which saw more than $100 million stolen from people's bank accounts.

The final takedown took place after the U.S. District Court for the Eastern District of New York issued an order on March 5, allowing Microsoft to take action against the group.

Microsoft executed the takedown operation by first identifying an algorithm the network used to automatically generate new web domains. The company then created a list of more than 6 million domains it predicted the botnet's algorithm would attempt to generate in the coming 25 months.

Microsoft then shared the list with Internet Service Providers around the world, in order to block the domain registration attempts and stop the network's ability to spread.

"Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet."
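The pre-computation described above, shown as an added example that is not from the original post or from Microsoft: a hypothetical date-seeded generator (not the Necurs algorithm; the seed, TLD list and log format are constructed) is run forward to build a blocklist. As an extension beyond the registry blocking the post describes, the same list is matched against DNS query logs to spot clients asking for predicted domains.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical stand-in generator: NOT the Necurs algorithm. The seed, TLD
# list and per-day count are constructed values for illustration only.
SEED = b"constructed-example-seed"
TLDS = ("com", "net", "org")
PER_DAY = 4

def domains_for_day(day, seed=SEED, count=PER_DAY):
    """Deterministically derive the day's candidate domains from seed + date."""
    names = []
    for i in range(count):
        h = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in h[:12])
        names.append(f"{label}.{TLDS[h[12] % len(TLDS)]}")
    return names

def predict_blocklist(start, days):
    """Run the generator forward; map each future domain to its active date."""
    return {name: start + timedelta(days=n)
            for n in range(days)
            for name in domains_for_day(start + timedelta(days=n))}

def flag_queries(log_lines, blocklist):
    """Return (client, domain, active_date) for queries to predicted domains."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:                  # skip malformed lines
            continue
        _ts, client, qname = parts
        qname = qname.rstrip(".").lower()    # normalise FQDN form and case
        if qname in blocklist:
            hits.append((client, qname, blocklist[qname]))
    return hits

if __name__ == "__main__":
    start = date(2020, 3, 10)
    blocklist = predict_blocklist(start, 760)    # roughly 25 months ahead
    predicted = domains_for_day(date(2020, 4, 1))[2]
    sample_log = [                               # constructed DNS query log
        "2020-04-01T09:14:02Z 10.0.0.12 www.example.org.",
        f"2020-04-01T09:14:05Z 10.0.0.7 {predicted.upper()}.",
        "2020-04-01T09:14:09Z 10.0.0.12 mail.example.com",
    ]
    print(len(blocklist), "domains predicted")
    print(flag_queries(sample_log, blocklist))
```

Because the generator is deterministic, whoever recovers it can compute the same future domains the infected machines will look up, which is what makes blocking them in advance possible.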

A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things (IoT) devices, that are infected and controlled by a common type of malware. Hackers can use these infected machines to launch malicious campaigns against targets.

These range from DDoS attacks that overwhelm websites' servers and ultimately disable them temporarily, to emailing spam to millions of people around the world, generating fake traffic for websites for financial gain, and other nefarious tasks.

Necurs was one of the most prolific cybercrime networks the world has ever seen.

Reports have suggested that the botnet was responsible for up to 90% of the world’s email-distributed malware between 2016 and 2019.

The scale of the Necurs operation was quite extensive, as Microsoft explained.

The firm pointed out that, in its investigations, the botnet included machines from almost every country in the world, with one particular device sending up to 3.8 million emails and potentially affecting more than 40 million devices along the way.

Microsoft confirmed that it killed the botnet by disabling more than 6 million domains that the botnet would have automatically registered to expand its operations and keep itself hidden.



This post first appeared on Eyerys | Eyes For Solution.