Microsoft revealed today the actions it had taken together with partners from 35 countries to take down a botnet responsible for infecting more than nine million computers worldwide. The Necurs botnet is behind the GameOver Zeus banking trojan, among other forms of malware.
The software giant says its Digital Crimes Unit worked with BitSight and others in the security community to analyze a technique used by the botnet to create new domains through an algorithm. The team then predicted more than six million domains that would be generated in the next 25 months. Those domains were reported to registries around the world and were eventually blocked to thwart future attacks.
Microsoft acted under an order issued by the U.S. District Court for the Eastern District of New York, which allows it to seize U.S.-based infrastructure used by Necurs. This legal step is also vital to blocking the criminals operating the botnet from registering new domains. Additionally, Microsoft is collaborating with internet service providers to remove Necurs-associated malware from the computers of their customers.
Necurs is run by criminals based in Russia, Microsoft claims. It is considered to be one of the largest spam email networks and has spawned some 3.8 million spam emails sent to more than 40.6 million potential victims in a span of almost two months. Today's action is the result of eight years of planning between Microsoft and its partners, who first observed the botnet in 2012.