Microsoft and Partners in 35 Countries Battle Necurs Botnets

Microsoft and Partners in 35 Countries Battle Necurs Botnets

On March 10, 2020, Microsoft teamed with partners in 35 countries to battle the Necurs botnets. Pooling their combined legal and technical efforts, they worked together to fight a prolific botnet that has infected over nine million computers around the world.
Their goal is to prevent the criminals responsible from utilizing the chief components of their infrastructure to carry out cyberattacks.


A network of malware-infected computers, a botnet can be remotely controlled by a cybercriminal to commit crimes. Initially discovered by BitSight (Microsoft’s Digital Crimes Unit) and others in 2012, the Necurs botnet has distributed various types of malware and is one of the largest networks distributing malicious spam to millions of victims worldwide.

Thought to be run by Russian-based criminals, Necurs has been used for scams involving Russian dating, phony pharmaceutical emails, and pump-and-dump stock schemes. Necurs has attacked computers, pilfered online account credentials, and stolen sensitive personal information from millions worldwide.

Necurs syndicates also sell or rent access to the devices they have infected, offering a botnet-for-hire service to cybercriminals. In addition, they have distributed malware and ransomware targeting financial activities. Necurs botnets have also used infected computers for cryptomining without the users’ knowledge or consent.

Blockade of Botnet Domains

After determining the algorithm that Necurs used to systematically generate millions of new domains, Microsoft reported those future domains to registries worldwide in order to prevent them from being components of the Necurs infrastructure. Preventing the use of their existing websites and blocking Necurs from registering new domains has resulted in massively disrupting the Necurs botnet.

Moreover, Microsoft has teamed with ISPs (Internet Service Providers) and others to eliminate Necurs botnet malware from the computers of their customers. Microsoft has also partnered with companies and governments in this worldwide effort through the company’s CTIP (Cyber Threat Intelligence Program).

In order to maintain the continued disruption of the Necurs botnet, Microsoft has formed working partnerships with domain registries, various government CERTs (Computer Emergency Response Teams), and the law enforcement agencies of Colombia, France, Spain, India, Japan, Mexico, Taiwan, Poland and Romania, among others.

Alpha Engineering Business Support

Choosing an expert computer technology-support provider is an important decision for your business. Alpha Engineering Associates has been a trusted partner of many companies in the Washington, Baltimore and Annapolis areas since 1990. For affordable client-focused network consulting services and solutions, please call Alpha Engineering Associates today at (410) 295-9500.