Microsoft partnered across 35 countries to disrupt a widespread botnet

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • Microsoft partnered with organizations across 35 countries to disrupt the Necurs botnet.
  • Microsoft has tracked Necurs for eight years.
  • Necurs sends millions of spam emails and can also scam people in other ways.

Microsoft partnered with organizations across 35 countries to take steps to disrupt the Necurs botnet. Necurs has infected more than nine million computers in the world. The steps taken today are the culmination of eight years of tracking and planning and are a significant blow against the infrastructure that Nercurs relies on.

Necurs has a massive network for spamming emails to people. In a blog post breaking down the actions taken against Necurs, Microsoft states that over a 58-day period, its investigation observed Necurs-infected computers sending 3.8 million spam emails to over 40.6 million people.

According to Microsoft, Necurs is used to perform a wide range of scams, including pump-and-dump stock scams, fake pharmaceutical scam emails, and "Russian dating" scams. It can also be used to steal credentials for online accounts and steal people's confidential data. In addition to those scams, Necurs can distribute financially targetted malware and ransomware, and crypto mining.

Microsoft's blog post summarizes the specific steps taken this month to battle Necurs:

On Thursday, March 5, the U.S. District Court for the Eastern District of New York issued an order enabling Microsoft to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers. With this legal action and through a collaborative effort involving public-private partnerships around the globe, Microsoft is leading activities that will prevent the criminals behind Necurs from registering new domains to execute attacks in the future.

These steps allowed Microsoft to predict and report domains that Necurs would use as part of its infrastructure. By doing this, Micorosft inhibits Necurs ability to register new domains and stops it from taking control of existing ones. This greatly disrupts the botnet's infrastructure.

Microsoft will also partner with Internet Service Providers and more organizations around the world to battle the Necurs botnet.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at