Microsoft, not the Feds
WASHINGTON — Microsoft organized 35 nations on Tuesday to take down one of the world’s largest botnets — malware that secretly seizes control of millions of computers around the globe. It was an unusual disruption of an internet criminal group, because it was carried out by a company, not a government.
The action, eight years in the making, was aimed at a criminal group called Necurs, believed to be based in Russia. Microsoft employees had long tracked the group as it infected nine million computers around the world, hijacking them to send spam emails intended to defraud unsuspecting victims. The group also mounted stock market scams and spread ransomware, which locks up a computer until the owner pays a fee.
“Rapidly, they (Microsoft) took over or froze six million domain names that Necurs was using or had inventoried for future attacks.” A domain name can be a website — www.nytimes.com is a legitimate one, for example — but Necurs had created an algorithm to spawn millions of new domains, often with deceptive names, for future use against unsuspecting victims. Microsoft engineers had cracked the code.