Microsoft and partners in 35 countries have taken legal and technical steps to disrupt the highly prolific “Necurs” botnet. Analysis of the domain generation algorithm (DGA) used by Necurs led to identifying six million domains that could fall victim to the botnet. Microsoft’s team is working to get those domains blocked. Necurs is the largest and most prevalent botnet, and has been used by multiple threat actors to spread malware since 2012; its operators have offered incentives to use the botnet “as a service”. Since Necurs’ creation, nine million devices have been infected. Disruption to the botnet will probably have a significant impact on the cyber-threat landscape, and as Necurs users search for alternative botnets, organizations should continue to implement basic security practices to protect their infrastructure from infection.