The Internet has connected thousands if not millions of computers to make the world a virtually smaller place, but that has also enabled a new form of criminal activity. Botnets do more than just infect computers; they also use those infected computers to further spread their illegal activities. Now Microsoft is proudly announcing how it took part in an operation that has disrupted one of the most prolific botnets in the world, at least for the next 25 months.
To be clear, Microsoft and its industry partners haven’t taken down the botnet infamously known as Necurs. Its operators remain at large and infected computer networks may still be in operation. The partners have, however, considerably disrupted the botnet’s activity so that Necurs won’t be able to wreak further havoc for quite a while, giving authorities time to hunt the operators down.
What Microsoft and others accomplished was to seize and take down the US-based infrastructure that Necurs uses to spread its malware. Specifically, Microsoft was able to analyze the strategy the botnet uses to generate and register new domains, which it then uses to point infected computers to its command and control (C&C) servers.
Microsoft’s boast pretty much revolves around how it was able to analyze that algorithm and predict the over six million unique domains that Necurs would have generated in the next 25 months. It has submitted those domains to the registrars of the respective countries so that attempts to register them would be blocked, effectively crippling Necurs’ operations, at least for the time being.
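The predict-and-block approach described above, sketched from the defender's side as an added example; it is not Microsoft's code and not the Necurs algorithm. A constructed, date-seeded toy generator stands in for the analysed algorithm, and the function names, seed, start date, TLD list and DNS log format are all assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for an analysed generator; NOT the Necurs algorithm.
TLDS = ["example", "test", "invalid"]  # reserved TLDs, so nothing here resolves

def toy_domains_for_day(day, seed, per_day=4):
    """Deterministically derive the domains the toy generator yields on `day`."""
    out = []
    for i in range(per_day):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        # Map the first 12 digest bytes onto a-z to form the label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        out.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return out

def predict_blocklist(start, days, seed):
    """Enumerate every domain the generator will produce in the window."""
    blocked = set()
    for offset in range(days):
        blocked.update(toy_domains_for_day(start + timedelta(days=offset), seed))
    return blocked

def flag_queries(log_lines, blocklist):
    """Return (client, domain) for DNS queries that hit a predicted domain."""
    hits = []
    for line in log_lines:
        parts = line.split()  # assumed format: '<timestamp> <client_ip> <qname>'
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing fields
        _, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in blocklist:
            hits.append((client, qname))
    return hits

if __name__ == "__main__":
    seed = b"constructed-seed"   # constructed value
    start = date(2020, 1, 1)     # constructed start date
    blocklist = predict_blocklist(start, 760, seed)  # roughly 25 months of days
    future = toy_domains_for_day(start + timedelta(days=400), seed)[0]
    logs = [  # constructed sample DNS log lines
        "2021-02-04T09:00:01Z 10.0.0.5 www.example.com.",
        f"2021-02-04T09:00:02Z 10.0.0.23 {future.upper()}.",
    ]
    print(len(blocklist), flag_queries(logs, blocklist))
```

Because the generator is deterministic, the same precomputed set serves both for blocking registrations ahead of time and for spotting infected hosts that still try to resolve those names.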
Taking down Necurs for good will still need a lot of work, especially considering that this latest victory was the result of eight years of tracking and planning. Microsoft is naturally invested in taking down the malicious network, considering that Windows computers are often the victims of infection. This is also why the company ends with a reminder of how to keep Windows PCs safe from botnets.