Technology giant Microsoft says it was able to disrupt the Necurs botnet by taking control of the U.S.-based infrastructure the botnet had been using to carry out its malicious activities.
Necurs is a hybrid peer-to-peer (P2P) botnet that uses a Domain Generation Algorithm (DGA) so that bots can keep reconnecting to a command and control (C&C) server. The botnet has been active since at least 2012 and has become one of the most prolific botnets to date.
Thought to be operated by Russian hackers, Necurs has been used for a wide range of malicious activity, including pump-and-dump stock scams, spam email, and the theft of credentials and personal information.
Moreover, the botnet operators are thought to be selling access to infected systems to other criminals as part of a botnet-for-hire service. Necurs also has distributed denial of service (DDoS) capabilities, but it has not been used for this type of attack so far.
During the first 7 days of March 2020, over 660,000 Necurs infections were detected globally, with India, Indonesia, and Turkey the most affected.
The company also says it has identified eleven Necurs botnets, four of which account for most of the activity. The botnets have been largely dormant since March 2019, but left over 2 million infected systems in a latent state.
Necurs' P2P architecture lets it resist takedown efforts, but Microsoft now says it managed to break the botnet's DGA and take control of the domains used for C&C.
Working with public and private partners around the world, Microsoft was able to take control of the botnet's U.S.-based infrastructure, ensuring that Necurs' operators cannot register new domains to conduct further attacks.
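The takedown described above rests on a property every DGA shares: because the domains are derived deterministically from a seed (typically the date), a defender who has recovered the algorithm can enumerate the domains ahead of time, register or sinkhole them before the operators do, and alert on any host that tries to resolve one. The following is an added example, not Microsoft's code and not Necurs' real algorithm: `toy_dga` is a constructed stand-in DGA (SHA-256 over a made-up key, the date and a counter), the DNS log lines are constructed, and the constants `TOY_SEED_KEY`, `DOMAINS_PER_DAY`, `TLDS` and `LABEL_LEN` are assumptions chosen for illustration. The defensive workflow it shows (predict, build a blocklist, match resolver logs against it) is the generalization the article's account of the Necurs action is one instance of.

```python
"""Predict the domains a DGA will produce and match DNS resolver logs against them.

The DGA here is a constructed, deliberately simple stand-in (not Necurs' real
algorithm): it hashes a hard-coded key, the date and a counter, and emits a fixed
number of domains per day. The defensive workflow is the point: enumerate future
domains, register or sinkhole them, and alert on any host that resolves one.
"""
import datetime as dt
import hashlib
import re
from typing import Iterable

# Constructed parameters of the toy DGA (assumptions, not Necurs values).
TOY_SEED_KEY = b"toy-dga-example"
DOMAINS_PER_DAY = 4
TLDS = ("com", "net", "biz", "info")
LABEL_LEN = 12

# Day used by the stand-alone demo; matches the reporting window in the article.
DEMO_DAY = dt.date(2020, 3, 1)


def toy_dga(day: dt.date) -> list[str]:
    """Return the domains the toy DGA would use on `day`.

    Deterministic: the same date always yields the same list, which is exactly
    the property that lets a defender enumerate domains before the bots use them.
    """
    domains = []
    for i in range(DOMAINS_PER_DAY):
        material = TOY_SEED_KEY + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).digest()
        # Map digest bytes to lowercase letters for the second-level label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        tld = TLDS[digest[LABEL_LEN] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def predict_domains(start: dt.date, days: int) -> set[str]:
    """Enumerate every domain the DGA will produce over `days` days from `start`.

    This is the list a takedown team would pre-register or sinkhole so the bots
    can never reach an operator-controlled server.
    """
    predicted: set[str] = set()
    for offset in range(days):
        predicted.update(toy_dga(start + dt.timedelta(days=offset)))
    return predicted


# Resolver log format assumed here: <timestamp> <client-ip> <query-name> <qtype>
DNS_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z]+)$"
)


def registered_domain(qname: str) -> str:
    """Reduce a query name to its last two labels, lowercased, without trailing dot.

    Bots may prefix a random host label to the generated domain; matching on the
    registered domain keeps such lookups from slipping past the blocklist. Taking
    the last two labels is a simplification; production code should consult the
    public suffix list so that names like example.co.uk are handled correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def find_dga_lookups(log_lines: Iterable[str], predicted: set[str]) -> list[tuple[str, str]]:
    """Return (client, qname) for every log line whose domain is on the predicted list."""
    hits = []
    for line in log_lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the pipeline
        if registered_domain(m["qname"]) in predicted:
            hits.append((m["client"], m["qname"]))
    return hits


def build_sample_log(day: dt.date) -> list[str]:
    """Constructed resolver log (not real traffic): two benign lookups, two DGA lookups,
    one unparseable line. The DGA names are drawn from toy_dga so the sample stays in sync."""
    d = toy_dga(day)
    return [
        f"{day}T08:00:01Z 10.0.0.5 www.example.com. A",
        f"{day}T08:00:02Z 10.0.0.7 {d[0]} A",
        f"{day}T08:00:03Z 10.0.0.5 mail.example.org A",
        f"{day}T08:00:04Z 10.0.0.9 xk9.{d[2].upper()} A",  # host label prefixed, mixed case
        "garbage line that does not parse",
    ]


if __name__ == "__main__":
    blocklist = predict_domains(DEMO_DAY, 7)
    print(f"{len(blocklist)} domains to register or sinkhole for the week of {DEMO_DAY}")
    for client, qname in find_dga_lookups(build_sample_log(DEMO_DAY), blocklist):
        print(f"ALERT {client} resolved predicted DGA domain {qname}")
```

In practice the prediction step is run well ahead of the dates in question so that the domains can be registered or sinkholed before the operators reach them, and the matching step is run continuously over resolver logs, where a hit identifies an infected host to remediate rather than a domain to block.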