BitSight and Microsoft take down Necurs

BitSight (www.bitsight.com) has announced a major breakthrough in the fight against hackers, with the takedown of the prolific Necurs botnet.

Since 2017, BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against the threat, including reverse engineering, malware analysis, modules updates, infection telemetry and command and control updates and forensic analysis.

Necurs was first detected in 2012.  It is used in a variety of illegal activities, but it is primarily known as a dropper for other malware, including GameOver Zeus, Dridex, Locky, Trickbot and others.  Its main uses have been as a spambot, a delivery mechanism for ransomware, financial malware and for running pump and dump stock scams.  From 2016 to 2019, it was the most prominent method to deliver spam and malware by criminals and was responsible for 90% of the malware spread by email worldwide.

Valter Santos, Senior Security Analyst, BitSight, published a blog (https://www.bitsight.com/blog/joint-effort-with-microsoft-to-takedown-massive-criminal-botnet-necurs) which includes a background on Necurs and how the malware infects a victim’s system; Necurs infections observed in the last years in BitSight sinkholes; Geographic distribution of Necurs infections; and a list of indicators of compromise, composed by malware samples hashes, domains, C2 and supernodes IP addresses.

With this joint action, BitSight hopes that researchers and network defenders can hunt and clean up Necurs infections in their networks in order to better eradicate it.

 

​

​​

​

​

​

​

​

​

​