
Microsoft takes down millions of zombie bots

Wednesday, 11 March 2020


Microsoft has said it was part of a team that dismantled an international network of zombie bots.

The network, called Necurs, infected over nine million computers and is one of the world's largest botnets.

Necurs was responsible for multiple criminal scams including stealing personal information and sending fake pharmaceutical emails.

Cyber-criminals use botnets to remotely take over internet-connected devices and install malicious software.

The software can be used to send spam, collect information about what activity the computer is used for or delete information without notifying the owner, reports the BBC.

Tom Burt, Microsoft's vice-president for customer security and trust, said in a blog post that the takedown of Necurs was the result of eight years of planning and co-ordination with partners in 35 countries.

He wrote that the steps taken will "ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyber-attacks."

What is a botnet?

Botnets are networks of internet-connected devices that run automated tasks.

Cyber-criminals use these networks to send malicious software, called malware, which can give them remote access to a computer. Once that malware is in place these criminals can take information from the computer or use the infected devices to send more attacks or spam.

Once a device has been infected, and used to send more spam or malware attacks, it is known as a zombie.

How did the takedown work?

Necurs first appeared in 2012.

It is believed to have had a network of more than nine million zombie computers.

To grow this network Necurs used a domain generation algorithm that created random domain names the group turned into websites. It used these sites to send instructions to its army of infected computers.

Microsoft and its partners were able to crack Necurs' algorithm and predict what domain names it would be using in the months ahead and block them.
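The sketch below is an added illustration, not code from Microsoft or the BBC report, of why a cracked domain generation algorithm can be turned against its operators: once defenders can reproduce the generator, they can list its future domains and flag any machine that looks them up. The generator here is a constructed stand-in, not the Necurs algorithm, and the seed, domains-per-day count and `.example` suffix are all assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for a recovered generator. This is NOT the Necurs
# algorithm; seed, count and suffix are hypothetical values.
SEED = b"constructed-seed"
DOMAINS_PER_DAY = 4
TLD = ".example"  # reserved suffix that never resolves on the public internet

def candidate_domains(day: date) -> list[str]:
    """Derive one day's domains deterministically from the seed and the date."""
    names = []
    for i in range(DOMAINS_PER_DAY):
        material = SEED + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(label + TLD)
    return names

def build_blocklist(start: date, days: int) -> dict[str, date]:
    """Map every domain the generator will emit in the window to its date."""
    blocklist = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidate_domains(day):
            blocklist[name] = day
    return blocklist

def flag_queries(queries, blocklist):
    """Return (client, domain, date) for DNS lookups of predicted domains."""
    hits = []
    for client, qname in queries:
        name = qname.rstrip(".").lower()  # normalise case and trailing dot
        if name in blocklist:
            hits.append((client, name, blocklist[name]))
    return hits

def demo():
    # Constructed DNS log: one ordinary lookup, one lookup of a predicted name.
    blocklist = build_blocklist(date(2020, 3, 11), 90)
    predicted = candidate_domains(date(2020, 4, 1))[0]
    queries = [("10.0.0.5", "www.example.org."),
               ("10.0.0.9", predicted.upper() + ".")]
    return blocklist, flag_queries(queries, blocklist)

if __name__ == "__main__":
    blocklist, hits = demo()
    print(len(blocklist), "domains predicted; infected clients:", hits)
```

Because the output depends only on the seed and the date, the same list can be handed to registries for blocking and to network operators for spotting infected machines.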