Microsoft and partners across 35 countries have taken coordinated legal and technical steps to disrupt Necurs, one of the world’s most prolific botnets, which had infected more than nine million computers worldwide.
The disruption is a result of eight years of tracking and planning, and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks, Microsoft said on Thursday.
The Necurs botnet is one of the largest networks in the spam email threat ecosystem with victims in nearly every country in the world.
During a 58-day period in the investigation, one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.
The breakdown by country for the first seven days of March showed that 13.59 per cent of the distinct infected IP addresses came from India alone.
“India is also home to one of the largest numbers of super-nodes, also known as P2P (peer-to-peer) communication channels, which are created by cybercriminals in order to prevent botnet disruption by law enforcement, network operators and researchers,” said Tom Burt, Corporate Vice President for Customer Security and Trust at Microsoft.
Necurs is believed to be operated by criminals based in Russia and has also been used for a wide range of crimes including pump-and-dump stock scams, fake pharmaceutical spam email and Russian dating scams.
It has also been used to attack other computers on the internet, steal credentials for online accounts and steal people’s personal information and confidential data.
On March 5, the US District Court for the Eastern District of New York issued an order enabling Microsoft to take control of the US-based infrastructure Necurs uses to distribute malware and infect victim computers.
In India, the Microsoft Digital Crimes Unit partnered with the Indian Computer Emergency Response Team (CERT-In) and the National Internet Exchange of India (NIXI) to disrupt cyberattacks carried out by the botnet.
“This effort prevented the criminals behind Necurs from registering new domains to execute attacks in the future in India,” said Burt.