Thursday, March 12th 2020
Microsoft Part of Global Operation to Disrupt World's Largest Online Criminal Network
Microsoft today announced it was part of a global operation meant to disrupt the world's largest online criminal network. Dubbed Necurs, the network functioned as a botnet - a large number of computers infected with malware that act on the instructions of a botmaster. The botmaster is essentially an administrator for the infected machines, but one working for criminal ends.
Thought to be controlled by criminals based in Russia, Necurs spanned more than nine million computing devices across 35 countries, making it one of the largest spam email threat ecosystems known to authorities. Beyond spam, it was used for pump-and-dump stock scams, fake pharmaceutical spam email and "Russian dating" scams. Necurs was such a well-oiled machine that, during a 58-day period of the investigation, a single infected computer was seen sending 3.8 million spam messages to over 40 million targets.
Bringing Necurs down took eight years of tracking, planning, and a joint effort between the judicial system and key technology players. These efforts culminated, according to Microsoft, in a court order that allowed the company to take control of the U.S.-based infrastructure Necurs used to distribute malware and infect victim computers. The plan was twofold: disrupt Necurs operations on its currently active domains, and break the domain generation algorithm (DGA) that let the botnet constantly produce new rendezvous domains for future operations. Once the algorithm was understood, the domains it would generate could be predicted and blocked in advance.
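The domain-generation part of the takedown is easiest to see in code. The following is an added example and is not Microsoft's code nor the real Necurs algorithm: it uses a constructed, hypothetical DGA (a hash of an assumed seed and the calendar date) to show the general pattern, namely that once a defender has recovered the seed and the algorithm, every domain the bot will try on future days can be enumerated ahead of time, reported to registries, and matched against DNS logs. The seed, the label length and the sample log lines are all invented for the example.

```python
import hashlib
from datetime import date, timedelta
from typing import List

# Constructed, hypothetical DGA for illustration only. It is NOT the Necurs
# algorithm; it only shows the shape shared by most DGAs: a deterministic
# function of a secret seed and the current date yields the day's candidate
# rendezvous domains, so bot and botmaster agree without a fixed address.
TLDS = ["com", "net", "biz", "info"]
SEED = b"example-botnet-seed"  # assumed: recovered by reverse engineering


def dga_domains(day_iso: str, seed: bytes = SEED, count: int = 8) -> List[str]:
    """Return the candidate domains the bot would try on the given day.

    day_iso is a calendar date as 'YYYY-MM-DD'. The bot and the defender
    compute exactly the same list, which is the whole point of the attack
    on the algorithm described in the article.
    """
    out = []
    for i in range(count):
        material = seed + day_iso.encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        # Twelve lowercase letters taken from the digest form the label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        tld = TLDS[digest[12] % len(TLDS)]
        out.append(f"{label}.{tld}")
    return out


def predicted_blocklist(start_iso: str, days: int, seed: bytes = SEED) -> List[str]:
    """Defender side: enumerate every domain the bot will try over the next
    `days` days starting at start_iso, so they can be pre-registered,
    sinkholed, or reported to registries before the botmaster uses them."""
    start = date.fromisoformat(start_iso)
    domains = []
    for n in range(days):
        domains.extend(dga_domains((start + timedelta(days=n)).isoformat(), seed))
    return sorted(set(domains))


def is_dga_domain(domain: str, start_iso: str, days: int, seed: bytes = SEED) -> bool:
    """Check whether a domain seen in DNS logs is in the predicted set."""
    return domain.lower() in set(predicted_blocklist(start_iso, days, seed))


def flag_lookups(log_lines: List[str], start_iso: str, days: int,
                 seed: bytes = SEED) -> List[str]:
    """Return the log lines whose queried name (last whitespace-separated
    field) matches a predicted DGA domain for the given window."""
    predicted = set(predicted_blocklist(start_iso, days, seed))
    return [line for line in log_lines if line.split()[-1].lower() in predicted]


# Constructed DNS resolver log lines (not real data): timestamp, host,
# record type, queried name. Two of the three queries hit DGA domains.
SAMPLE_DNS_LOG = [
    "2020-03-12T10:01:02 host-17 A " + dga_domains("2020-03-12")[0],
    "2020-03-12T10:01:05 host-17 A update.example.org",
    "2020-03-13T08:00:00 host-22 A " + dga_domains("2020-03-13")[5],
]

if __name__ == "__main__":
    for d in dga_domains("2020-03-12"):
        print("bot would try:", d)
    print(len(predicted_blocklist("2020-03-12", 30)), "domains to block for the next 30 days")
    for hit in flag_lookups(SAMPLE_DNS_LOG, "2020-03-12", 30):
        print("DGA lookup:", hit)
```

Because the list for a 30-day window is only a few hundred names here, pre-registering them is cheap; a real DGA that emits thousands of candidates per day is why the article describes reporting the predicted domains to registries rather than registering them all.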
The company also added that "Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet."
Microsoft is also partnering with Internet Service Providers (ISPs) and others around the world to rid their customers' computers of malware associated with the Necurs botnet - a remediation effort global in scale and involving collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP).
Source:
Microsoft
19 Comments on Microsoft Part of Global Operation to Disrupt World's Largest Online Criminal Network
Doing everything they can to live up to being the world's comic-book villains.
It's almost as if they have no other purpose for existing as a country.
How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?
And the whole thread is very understated in this MS fluff piece. It started way longer than 58 days ago, and the scope is way bigger than what they say. To quote the source, "believed" is a keyword.
Over the past year spam problems intensified so much that I went from simple monthly checkups on our mail server, to weekly marathons of re-working and adding new custom filters.
Including all the crap sent to bogus addresses in our domain, we get thousands of spam messages daily. SpamAssassin, Spamhaus, or any other anti-spam/blacklisting service is of no use.
We also have a huge outbreak of ransomware (which conveniently started around 3mo ago), and attacks range from usual spam-vector to targeted attack on machines with unpatched RDP vulnerability. It sounds silly, but we have lots of greedy small/medium business retards running pirated Windows 7 or Server 2013 with updates disabled, and facing the world on port 3389, while having weak credentials.
It's not like he's running illegal streaming service and needs low regulation hosting + domain name
"...sent a total of 3.8 million spam emails to over 40.6 million potential victims."
36.8 million potential victims do not receive an email. 3.8 million emails sent doesn't sound so impressive, right? But wait!
"During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."
There is more than just one computer in the botnet, and how many are there? No one knows besides the botmaster.