Microsoft takes down global zombie bot network
Microsoft has said it was part of a team that dismantled an international network of zombie bots.
The network, called Necurs, infected over nine million computers and is one of the world's largest botnets.
Necurs was responsible for multiple criminal scams including stealing personal information and sending fake pharmaceutical emails.
Cyber-criminals use botnets to remotely take over internet-connected devices and install malicious software.
The software can be used to send spam, collect information about what activity the computer is used for or delete information without notifying the owner.
Tom Burt, Microsoft's vice-president for customer security and trust, said in a blog post that the takedown of Necurs was the result of eight years of planning and co-ordination with partners in 35 countries.
He wrote that the steps taken will "ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyber-attacks."
What is a botnet?
Botnets are networks of internet-connected devices that run automated tasks.
Cyber-criminals use these networks to send malicious software, called malware, which can give them remote access to a computer. Once that malware is in place these criminals can take information from the computer or use the infected devices to send more attacks or spam.
Once a device has been infected, and used to send more spam or malware attacks, it is known as a zombie.
How did the takedown work?
Necurs first appeared in 2012.
It is believed to have had a network of more than nine million zombie computers.
To grow this network Necurs used a domain generation algorithm that created random domain names the group turned into websites. It used these sites to send instructions to its army of infected computers.
Microsoft and its partners were able to crack Necurs' algorithm and predict what domain names it would be using in the months ahead and block them.
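The sketch below is an added illustration, not part of the original report, of why a cracked algorithm lets defenders get ahead: once the generator is known, every future domain can be computed and blocked before it is used, and DNS logs can be checked for machines still looking them up. The generator `toy_dga` is a hypothetical stand-in and not the Necurs algorithm; the start date, log format and addresses are constructed.

```python
import hashlib
from datetime import date, timedelta

def toy_dga(day, count=4, tld=".example"):
    """Toy stand-in (assumption, NOT Necurs): names derived only from the date."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        names.append(digest[:12] + tld)
    return names

def predict_blocklist(start, days):
    """Map every domain the generator will emit in the window to its active date."""
    blocklist = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in toy_dga(day):
            blocklist[name] = day
    return blocklist

def flag_queries(log_lines, blocklist):
    """Return (client, domain, active_date) for each query to a predicted domain."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed log lines
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname in blocklist:
            hits.append((client, qname, blocklist[qname]))
    return hits

START = date(2020, 3, 10)                      # constructed start date
BLOCKLIST = predict_blocklist(START, days=90)  # roughly "the months ahead"
_future = toy_dga(START + timedelta(days=30))[0]
SAMPLE_LOG = [                                 # constructed DNS query log
    "2020-04-09T08:00:01Z 10.0.0.5 www.example.org.",
    f"2020-04-09T08:00:07Z 10.0.0.23 {_future.upper()}.",
    "garbage line",
    f"2020-04-09T08:01:00Z 10.0.0.23 {toy_dga(START)[1]}",
]

if __name__ == "__main__":
    for client, qname, day in flag_queries(SAMPLE_LOG, BLOCKLIST):
        print(f"{client} looked up predicted domain {qname} (active {day})")
```

A client that appears in the output is a candidate for malware clean-up, since an uninfected machine has no reason to look up these names.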
Is my computer affected by malware?
Necurs was one of the largest malware networks in the world, but it was not alone.
Some signs your device may have malware on it:
- Programs begin to operate more slowly or take longer to open
- The computer regularly crashes and needs to be rebooted
- Space on a computer's hard drive fills up without warning
- Spam emails are sent to contacts from your account
Malware is a broad term for any malicious software that attacks a computer. The most common types are software that copies data, monitors a user's actions on their computer or deletes information from a device unless a ransom is paid.