Microsoft Cyber Security Team has been performing malware analysis with reverse engineering method since 2017. The Cyber Security Team has worked extensively with the collaboration to resolve the infrastructure of the Necurs malware control-command system. Necurs was first detected in 2012, and was detected to have infiltrated more than 83,000 computers worldwide in two months. Previously, malware that spread so fast has not been encountered. Necurs Botnets are structurally compared to the Trojan horse. It connects to your computer with a spammy or e-mail that seems harmless and multiplies. Necurs; GameOver is also considered the ancestor of many malware such as Zeus, Dridex, Locky, Trickbot.
In 2013, Necurs Botnets were replaced by Game over Zeus. With Game over Zeus, Necurs shifted to second gear and started using the Upatre installer to make way for him. By the end of 2014, Cyber Security teams resolved the operation system of Game over Zeus botnet and eliminated this malware. However, Necurs Botnet's new trump card family was ready: Crypto Locker ransomware. Crypto Locker was one of the most famous ransomware codes at the time and made an estimated $ 30 million illegal profit in just 100 days. Following the rapidly rising ransomware trend in 2015, Necurs continued to distribute crypt-ransom ware that year, sometimes through well-known exploit kits such as Magnitude and Angler. In 2016, it opened a new page in Necurs operations. He started using millions of powerful Botnets as spam infrastructure. From 2016 to 2019, the most important method of spreading spam and malware by criminals was Nercus and was responsible for 90% of malware spread worldwide by email.
Botnets are transmitted through email attachments or malware that send spam to the victim's system.After entering a system, Necurs disables a large number of security applications, including Windows Security Wall, to protect both itself and other malware in the infected system. kernel mode uses rootkit features to leave. Necurs are modular, more specifically, it allows operators to change the way they work over time. The fact that Necurs is modular makes traceability difficult.
Bitsight conducted a research on Necurs Botnets as a result of its partnership with Microsoft Cyber Security teams. They determined 11 Necurs Bonet during the research. 4 of them caused 95% of the attacks. Necurs interrupted his attacks from time to time. Unexpectedly, his attacks slowed down from March 2019 to 2020. Even in this waiting period, the system infected 2000 million Botnet systems.
In the chart below, we shared the 5 countries most affected by Necurs Botnets for the first seven days of March 2020. This data is the information that reaches Bitsight's system. Normally, you can see that these figures are a small part of the truth.
Microsoft and its partners in 35 countries took coordinated legal and technical steps to disrupt one of the world's most productive Botnets, called Necurs, that infect more than nine million computers worldwide. After eight years of monitoring and planning as above, it managed to keep the Botnets under control. On Thursday, March 5; New York's East District US District Court issued an order that allowed Microsoft to control the US-based infrastructure used by Necurs to distribute malware. This was accomplished through a collaborative effort involving legal action and public-private partnerships around the world. Microsoft Cyber Security team is pioneering activities that will prevent criminals behind Necurs from registering new domains for future attacks. These measures caueses cyber criminals will no longer be able to use the basic elements of their infrastructure used to carry out their attacks.
The Microsoft Cyber Security Team took major measures today to combat cyber criminals. However, cyber criminals will find new techniques to continue their illegal acquisitions. It is imperative that you invest in information security to protect your company's data and not to fall into the ransom network of cyber attackers.
Check out our cyber security trainings to take cyber security measures!
For further information contact us:
+90 212 282 77 00