The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world.
Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which had infected more than 9 million computers worldwide. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.
The breakdown by country for the first seven days of March 2020 showed 13.59% of the distinct infected IP addresses coming from India alone. India is also home to one of the largest numbers of super-nodes, also known as P2P (peer-to-peer) communication channels, which are created by cybercriminals to prevent botnet disruption by law enforcement, network operators and researchers.
Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012, and Microsoft has since collaborated with law enforcement agencies, the government and Internet Service Providers (ISPs) to rid computers of malware associated with the Necurs botnet. In India, the Microsoft Digital Crimes Unit partnered with the Computer Emergency Response Team (CERT-IN) and National Internet Exchange of India (NIXI) to disrupt cyberattacks led by the botnet. This effort prevented the criminals behind Necurs from registering new domains to execute attacks in the future in India.