In a blog post this week, Microsoft announced it took control of the U.S.-based infrastructure of the Necurs botnet. Necurs is the world’s largest malware botnet mostly known for spam emails that grant remote computer control, but it also has the ability to deploy ransomware and even DDoS attacks.
Microsoft first became aware of Necurs in 2012. It now works with public and private partners across 35 countries to disrupt the effectiveness of Necurs spam campaigns which have been declining in complexity.
Making moves — Following a March 5 court ruling, Microsoft took control of Necurs state-side domains. The global partnership was able to break the domain generation algorithm (DGA), granting them access to millions of future domain names Necurs would use for its operations over the next 25 months. Those domains have now been blocked in all the relevant countries.
Too little, too late? — While this disruption is a great step forward, Threatpost reported in January that Necurs has recently shifted to amateur spam campaigns. As cybercriminals work together to fill technological gaps and move towards more targeted attacks, Necurs has lost its footing in the community.