Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Botnet Microsoft Security IT

Microsoft Orchestrates Coordinated Takedown of Necurs Botnet (zdnet.com) 15

Microsoft announced today a coordinated takedown of Necurs, one of the largest spam and malware botnets known to date, believed to have infected more than nine million computers worldwide. From a report: The takedown effort came after Microsoft and industry partners broke the Necurs DGA -- the botnet's domain generation algorithm, the component that generates random domain names. Necurs authors register DHA-generated domains weeks or months in advance and host the botnet's command-and-control (C&C) servers, where bots (infected computers) connect to receive new commands. "We were then able to accurately predict over six million unique domains that would be created in the next 25 months," said Tom Burt, Microsoft Vice President for Customer Security & Trust. Breaking the DGA allowed Microsoft and its industry partners to create a comprehensive list of future Necurs C&C server domains that they can now block and prevent the Necurs team from registering.
This discussion has been archived. No new comments can be posted.

Microsoft Orchestrates Coordinated Takedown of Necurs Botnet

Comments Filter:
  • It's the least they could do.
  • go to 40.6 million victims? Or did each victim get 3.8 million emails?

    • go to 40.6 million victims?

      Have you never sent an e-mail with more than one recipient?

    • by Zocalo ( 252965 )
      I'd guess they sent 3.8m emails to an average of just over 10 people each email, although many of those emails are going to be pretty much identical only with different recipients. That certainly seems like a common number of addresses to be distributed in To/CC/BCC fields in the spam I see; I guess because it's a plausible enough number to be realistic and avoids triggering blocks/filters based on max recipients. Most mailing lists software or competent senders would either use BCC for random distributio
  • What does this have to do with coronavirus?

  • That the domain registration fee for a new domain needs to be about $1,000.00 and needs to INCREASE by a factor of 10 for each additional domain that you want to register. And the registration should only become active after the payment irreversibly clears the payment system.

    Then these assholes would not be able to afford to register thousands of domain names. They would be out of bankrupt and out of business.

    • That the domain registration fee for a new domain needs to be about $1,000.00 and needs to INCREASE by a factor of 10 for each additional domain that you want to register. And the registration should only become active after the payment irreversibly clears the payment system.

      Then these assholes would not be able to afford to register thousands of domain names. They would be out of bankrupt and out of business.

      The six million domain names they were planning on registering over a period of two years amounts to an eight-figure expense at cheap rates. If said "assholes" can afford that, then there's a damn good chance they can afford 10x of that. Ransomware is predicted to cost business over $6 trillion by 2021, so don't assume bankruptcy would be a realistic threat even if your plan came to fruition.

      • Ransomware is predicted to cost business over $6 trillion by 2021, so don't assume bankruptcy would be a realistic threat even if your plan came to fruition.

        cost of having ransomware != profit from distributing ransomware

        I can only assume whatever source you are referring to is assessing lost productivity along with ransom payments.

    • by Zocalo ( 252965 )
      That approach penalises too many innocents to be viable. With the combination of people using FB etc. as a homepage and Google's attempts to deprecate the URL, I guess personal domains could move back under vanity holding domains without too much kicking and screaming, but what about non-profits and smaller charities, etc. for which a registration of $1k would be a significant expense? You might get away with having a bond placed in escrow for a given probationary period on the grounds that it'll tie up f
    • So you're saying you think "no one will ever need more than 640k domain names"? I think this is the first time I've heard one of those limits seem plausible. :-)
  • On the Microsoft blog page [microsoft.com], they're not actually calling it a takedown...

    By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.

  • I thought we were having a discourse, here.
  • This is how they estimate the number of infected clients and trace it back to a source so that they can begin their campaign. I call this a win for the people willing to share a little bit of info to benefit the masses.

Keep up the good work! But please don't ask me to help.

Working...