Microsoft Part of Global Operation to Disrupt World's Largest Online Criminal Network

Raevenlord · Mar 12, 2020

Microsoft today announced it was part of a global operation meant to disrupt the world's largest online criminal network. Dubbed Necurs, the network functioned as a botnet - a number of computers infected by malware or otherwise malicious software that are functioning on behalf of a botmaster. The botmaster is basically akin to an administrator - but for nefarious purposes.

Thought to be controlled by criminals based in Russia, Necurs spanned more than nine million computing devices across 35 countries, making it one of the largest spam email threat ecosystems known to authorities - besides being used for pump-and-dump stock scams, fake pharmaceutical spam email and "Russian dating" scams. Necurs was such a well-oiled machine that it was seen sending 3.8 million spam messages to over 40 million targets across a 58-day long time frame in the investigation.

Bringing Necurs down took eight years of tracking, planning, and a joint effort between the judicial system and key technology players. These efforts culminated, according to Microsoft, with the company being enabled to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers by a judicial order. The idea - and planned attack vector - was to disrupt Necurs operations in their currently active domains, whilst also breaking the organization's algorithm that enabled it to constantly generate new domains for future exploits.

The company also added that "Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet."

Microsoft is also partnering with Internet Service Providers (ISPs) and others around the world to rid their customers' computers of malware associated with the Necurs botnet - a remediation effort global in scale and involving collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP).

View at TechPowerUp Main Site

_UV_ · Mar 12, 2020

Spam e-mails in 2020 with 40 million targets around WHOLE world... :clap:

, that was relevant in 2005-2012. :respect:

MS

Manoa · Mar 12, 2020

yhe microsoft don't wanne anyone else stilling money other than themselfs

The Quim Reaper · Mar 12, 2020

Lol..Russians.

Doing everything they can to live up to being the worlds comicbook villians.

It's almost as if they have no other purpose for existing as a country.

GlacierNine · Mar 12, 2020

Wait.

How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?

SL2 · Mar 12, 2020

Manoa said:
yhe microsoft don't wanne anyone else stilling money other than themselfs

That doesn't make sense, at all.

GlacierNine · Mar 12, 2020

Manoa said:
yhe microsoft don't wanne anyone else stilling money other than themselfs

Can you try repeating this in human?

PerfectWave · Mar 12, 2020

damn always russian LOL

voltage · Mar 12, 2020

more are Iranian, not Russian. Outdated to think otherwise, go do your own research. 70% is known to be from Iran and a few other neighboring areas.

Minus Infinity · Mar 13, 2020

The Quim Reaper said:
Lol..Russians.

Doing everything they can to live up to being the worlds comicbook villians.

It's almost as if they have no other purpose for existing as a country.

I have to agree, they seem to go out of their way to to live up to their stereotype. Putin's the problem and they are trying to let him stay in power until 2036.

DeathtoGnomes · Mar 13, 2020

GlacierNine said:
Wait.

How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?

yes, math. each message has multiple targets.

timta2 · Mar 13, 2020

voltage said:
more are Iranian, not Russian. Outdated to think otherwise, go do your own research. 70% is known to be from Iran and a few other neighboring areas.

Who's more credible here, Microsoft or random guy on the internet?

lexluthermiester · Mar 13, 2020

timta2 said:
Who's more credible here, Microsoft or random guy on the internet?

That's actually a tough call sometimes.... :roll:

silentbogo · Mar 13, 2020

The Quim Reaper said:
Lol..Russians.

Doing everything they can to live up to being the worlds comicbook villians.

They've only disrupted the infrastructure. No one knows where these are from. Could be Chinese, Iranian, Turkish or Romanian.
And the whole thread is very understated in this MS fluffpiece. It started way longer than 58 days ago, and the scope is way bigger than what they say.

Necurs is believed to be operated by criminals based in Russia

To quote the source, "believed" is a keyword.

Over the past year spam problems intensified so much that I went from simple monthly checkups on our mail server, to weekly marathons of re-working and adding new custom filters.
Including all the crap sent to bogus addresses in our domain, we get thousands of spam messages daily. SpamAssassin , Spamhaus, or any other anti-spam/blacklisting service is of no use.

We also have a huge outbreak of ransomware (which conveniently started around 3mo ago), and attacks range from usual spam-vector to targeted attack on machines with unpatched RDP vulnerability. It sounds silly, but we have lots of greedy small/medium business retards running pirated Windows 7 or Server 2013 with updates disabled, and facing the world on port 3389, while having weak credentials.

BiggieShady · Mar 13, 2020

Enough with Russians and Iranians theories please ... it's a botnet, it's everywhere, "Admin" is probably at some resort in Seychelles, who cares where are his parents from?
It's not like he's running illegal streaming service and needs low regulation hosting + domain name

Recus · Mar 13, 2020

100% this botnet had support from ruskies government.

Totally · Mar 14, 2020

DeathtoGnomes said:
yes, math. each message has multiple targets.

There isn't math just poor wording. Even if that wasn't the case as written in the article an operator isn't declared and the reader has to make an assumption for it to make sense, an assumption that is most likely wrong because there is no operator due to the TPU author trying to spice things up or by accident. Here is the original text:

"...sent a total of 3.8 million spam emails to over 40.6 million potential victims."

36.8 million potential victims do not receive an email. 3.8 million sent emails sent doesn't sound so impressive right? But wait!

"During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."

There is more than just one computer in the botnet, and how many are there? no one knows besides the botmaster.

DeathtoGnomes · Mar 14, 2020

Totally said:
There isn't math just poor wording. Even if that wasn't the case as written in the article an operator isn't declared and the reader has to make an assumption for it to make sense, an assumption that is most likely wrong because there is no operator due to the TPU author trying to spice things up or by accident. Here is the original text:

"...sent a total of 3.8 million spam emails to over 40.6 million potential victims."

36.8 million potential victims do not receive an email. 3.8 million sent emails sent doesn't sound so impressive right? But wait!

"During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."

There is more than just one computer in the botnet, and how many are there? no one knows besides the botmaster.

There are several botnets around for varying purposes from what I've read, /tin-hat.

Totally · Mar 14, 2020

GlacierNine said:
Wait.

How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?

It's trying to say that one infected computer in the network sent 3.8 million messages and chose from a list 40 million to send them to.

John Naylor · Mar 15, 2020

The Donald is gonna be pissed.

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

Processor	FX 8320 @4.2 \| i7 2600 @3.8 \| Xeon W3670 @ 3.6
Motherboard	Asus Sabertooth R2.0 \| Asus P8Z77-V Deluxe \| Gigabyte X58-UD7
Cooling	Zalman Performa 10+ \| Zalman Performa 11+ \| Zalman Performa 10+
Memory	Crucial Ballistix Sport XT 32GB @ 1866 \| Corsair Vengeance 32GB @1866 \| Samsung 24GB @ 1600
Video Card(s)	XFX Radeon 390x \| Zotac GTX 1070 AMP Extreme \| Zotac GTX 980 AMP Extreme
Storage	Intel SSD / SAS 15k Fujitsu \| Intel SSD / Velociraptors / Hitachi 2TB \| Intel SSD / Samsung 1TB
Display(s)	Samsung 245T \| HP ZR30w \| IBM 20" 4x3
Case	Chieftec \| Corsair Graphite 600T \| Thermaltake Xaser IV
Audio Device(s)	SB Titanium HD \| SB Titanium HD \| SB X-fi Elite Pro
Power Supply	Thermaltake 875W \| Corsair 850W \| Thermaltake 1500W
Mouse	Logitech \| Logitech \| Logitech
Keyboard	Mitsumi Classic \| Microsoft \|Microsoft
Software	W7 x64 \| W7 x64 \|W7 x64 / XP x32

System Name	Lightning
Processor	4790K
Motherboard	asrock z87 extreme 3
Cooling	hwlabs black ice 20 fpi radiator, cpu mosfet blocks, MCW60 cpu block, full cover on 780Ti's
Memory	corsair dominator platinum 2400C10, 32 giga, DDR3
Video Card(s)	2x780Ti
Storage	intel S3700 400GB, samsung 850 pro 120 GB, a cheep intel MLC 120GB, an another even cheeper 120GB
Display(s)	eizo foris fg2421
Case	700D
Audio Device(s)	ESI Juli@
Power Supply	seasonic platinum 1000
Mouse	mx518
Software	Lightning v2.0a

System Name	Gaming PC / I7 XEON
Processor	I7 4790K @stock / XEON W3680 @ stock
Motherboard	Asus Z97 MAXIMUS VII FORMULA / GIGABYTE X58 UD7
Cooling	X61 Kraken / X61 Kraken
Memory	32gb Vengeance 2133 Mhz / 24b Corsair XMS3 1600 Mhz
Video Card(s)	Gainward GLH 1080 / MSI Gaming X Radeon RX480 8 GB
Storage	Samsung EVO 850 500gb ,3 tb seagate, 2 samsung 1tb in raid 0 / Kingdian 240 gb, megaraid SAS 9341-8
Display(s)	2 BENQ 27" GL2706PQ / Dell UP2716D LCD Monitor 27 "
Case	Corsair Graphite Series 780T / Corsair Obsidian 750 D
Audio Device(s)	ON BOARD / ON BOARD
Power Supply	Sapphire Pure 950w / Corsair RMI 750w
Mouse	Steelseries Sesnsei / Steelseries Sensei raw
Keyboard	Razer BlackWidow Chroma / Razer BlackWidow Chroma
Software	Windows 1064bit PRO / Windows 1064bit PRO

System Name	Dumbass
Processor	AMD Ryzen 7800X3D
Motherboard	ASUS TUF gaming B650
Cooling	Artic Liquid Freezer 2 - 420mm
Memory	G.Skill Sniper 32gb DDR5 6000
Video Card(s)	GreenTeam 4070 ti super 16gb
Storage	Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s)	1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case	Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s)	onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply	Corsair HX1000i
Mouse	Steeseries Esports Wireless
Keyboard	Corsair K100
Software	windows 10 H
Benchmark Scores	https://i.imgur.com/aoz3vWY.jpg?2

Microsoft Part of Global Operation to Disrupt World's Largest Online Criminal Network

Raevenlord

News Editor

_UV_

Manoa

The Quim Reaper

GlacierNine

SL2

GlacierNine

PerfectWave

voltage

Minus Infinity

DeathtoGnomes

timta2

lexluthermiester

silentbogo

Moderator

BiggieShady

Recus

Totally

DeathtoGnomes

Totally

John Naylor

Processor	i7-3770K
Motherboard	Biostar Hi-Fi Z77
Cooling	Swiftech H20 (w/Custom External Rad Enclosure)
Memory	16GB DDR3-2400Mhz
Video Card(s)	Alienware GTX 1070
Storage	1TB Samsung 850 EVO
Display(s)	32" LG 1440p
Case	Cooler Master 690 (w/Mods)
Audio Device(s)	Creative X-Fi Titanium
Power Supply	Corsair 750-TX
Mouse	Logitech G5
Keyboard	G. Skill Mechanical
Software	Windows 10 (X64)

System Name	WS#1337
Processor	Ryzen 7 5700X3D
Motherboard	ASUS X570-PLUS TUF Gaming
Cooling	Xigmatek Scylla 240mm AIO
Memory	64GB DDR4-3600(4x16)
Video Card(s)	MSI RTX 3070 Gaming X Trio
Storage	ADATA Legend 2TB
Display(s)	Samsung Viewfinity Ultra S6 (34" UW)
Case	ghetto CM Cosmos RC-1000
Audio Device(s)	ALC1220
Power Supply	SeaSonic SSR-550FX (80+ GOLD)
Mouse	Logitech G603
Keyboard	Modecom Volcano Blade (Kailh choc LP)
VR HMD	Google dreamview headset(aka fancy cardboard)
Software	Windows 11, Ubuntu 24.04 LTS

System Name	Windows 10 64-bit Core i7 6700
Processor	Intel Core i7 6700
Motherboard	Asus Z170M-PLUS
Cooling	Corsair AIO
Memory	2 x 8 GB Kingston DDR4 2666
Video Card(s)	Gigabyte NVIDIA GeForce GTX 1060 6GB
Storage	Western Digital Caviar Blue 1 TB, Seagate Baracuda 1 TB
Display(s)	Dell P2414H
Case	Corsair Carbide Air 540
Audio Device(s)	Realtek HD Audio
Power Supply	Corsair TX v2 650W
Mouse	Steelseries Sensei
Keyboard	CM Storm Quickfire Pro, Cherry MX Reds
Software	MS Windows 10 Pro 64-bit

Processor	Intel
Motherboard	MSI
Cooling	Cooler Master
Memory	Corsair
Video Card(s)	Nvidia
Storage	Western Digital/Kingston
Display(s)	Samsung
Case	Thermaltake
Audio Device(s)	On Board
Power Supply	Seasonic
Mouse	Glorious
Keyboard	UniKey
Software	Windows 10 x64

System Name	Miami
Processor	Ryzen 3800X
Motherboard	Asus Crosshair VII Formula
Cooling	Ek Velocity/ 2x 280mm Radiators/ Alphacool fullcover
Memory	F4-3600C16Q-32GTZNC
Video Card(s)	XFX 6900 XT Speedster 0
Storage	1TB WD M.2 SSD/ 2TB WD SN750/ 4TB WD Black HDD
Display(s)	DELL AW3420DW / HP ZR24w
Case	Lian Li O11 Dynamic XL
Audio Device(s)	EVGA Nu Audio
Power Supply	Seasonic Prime Gold 1000W+750W
Mouse	Corsair Scimitar/Glorious Model O-
Keyboard	Corsair K95 Platinum
Software	Windows 10 Pro