Microsoft Part of Global Operation to Disrupt World's Largest Online Criminal Network

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.35/day)
Location
Portugal
Microsoft today announced it was part of a global operation meant to disrupt the world's largest online criminal network. Dubbed Necurs, the network functioned as a botnet - a number of computers infected by malware or otherwise malicious software that are functioning on behalf of a botmaster. The botmaster is basically akin to an administrator - but for nefarious purposes.

Thought to be controlled by criminals based in Russia, Necurs spanned more than nine million computing devices across 35 countries, making it one of the largest spam email threat ecosystems known to authorities - besides being used for pump-and-dump stock scams, fake pharmaceutical spam email and "Russian dating" scams. Necurs was such a well-oiled machine that it was seen sending 3.8 million spam messages to over 40 million targets across a 58-day long time frame in the investigation.





Bringing Necurs down took eight years of tracking, planning, and a joint effort between the judicial system and key technology players. These efforts culminated, according to Microsoft, with the company being enabled to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers by a judicial order. The idea - and planned attack vector - was to disrupt Necurs operations in their currently active domains, whilst also breaking the organization's algorithm that enabled it to constantly generate new domains for future exploits.

The company also added that "Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet."

Microsoft is also partnering with Internet Service Providers (ISPs) and others around the world to rid their customers' computers of malware associated with the Necurs botnet - a remediation effort global in scale and involving collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP).

 
Joined
Sep 3, 2017
Messages
239 (0.10/day)
Location
Russia
Spam e-mails in 2020 with 40 million targets around WHOLE world...:clap:, that was relevant in 2005-2012. :respect::respect::respect: MS
 
Joined
Oct 14, 2017
Messages
210 (0.09/day)
Yeah, Microsoft doesn't want anyone else stealing money other than themselves :)
 
Joined
Dec 3, 2012
Messages
613 (0.15/day)
Lol..Russians.

Doing everything they can to live up to being the world's comic book villains.

It's almost as if they have no other purpose for existing as a country.
 
Joined
Oct 5, 2017
Messages
595 (0.25/day)
Wait.

How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?
 
Joined
Jul 18, 2016
Messages
506 (0.18/day)
damn always russian LOL
 
Joined
Aug 17, 2017
Messages
274 (0.11/day)
more are Iranian, not Russian. Outdated to think otherwise, go do your own research. 70% is known to be from Iran and a few other neighboring areas.
 
Joined
May 3, 2018
Messages
2,232 (1.03/day)
Lol..Russians.

Doing everything they can to live up to being the world's comic book villains.

It's almost as if they have no other purpose for existing as a country.

I have to agree, they seem to go out of their way to live up to their stereotype. Putin's the problem and they are trying to let him stay in power until 2036.
 
Joined
Jul 16, 2014
Messages
8,115 (2.29/day)
Location
SE Michigan
Wait.

How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?
yes, math. each message has multiple targets.
 
Joined
Jan 16, 2008
Messages
1,349 (0.23/day)
Location
Milwaukee, Wisconsin, USA
more are Iranian, not Russian. Outdated to think otherwise, go do your own research. 70% is known to be from Iran and a few other neighboring areas.

Who's more credible here, Microsoft or random guy on the internet?
 

silentbogo

Moderator
Staff member
Joined
Nov 20, 2013
Messages
5,470 (1.45/day)
Location
Kyiv, Ukraine
Lol..Russians.

Doing everything they can to live up to being the world's comic book villains.
They've only disrupted the infrastructure. No one knows where these are from. Could be Chinese, Iranian, Turkish or Romanian.
And the whole thread is very understated in this MS fluffpiece. It started way longer than 58 days ago, and the scope is way bigger than what they say.

Necurs is believed to be operated by criminals based in Russia
To quote the source, "believed" is a keyword.

Over the past year spam problems intensified so much that I went from simple monthly checkups on our mail server, to weekly marathons of re-working and adding new custom filters.
Including all the crap sent to bogus addresses in our domain, we get thousands of spam messages daily. SpamAssassin, Spamhaus, or any other anti-spam/blacklisting service is of no use.

We also have a huge outbreak of ransomware (which conveniently started around 3mo ago), and attacks range from usual spam-vector to targeted attack on machines with unpatched RDP vulnerability. It sounds silly, but we have lots of greedy small/medium business retards running pirated Windows 7 or Server 2013 with updates disabled, and facing the world on port 3389, while having weak credentials.
 
Joined
Feb 8, 2012
Messages
3,012 (0.68/day)
Location
Zagreb, Croatia
Enough with Russians and Iranians theories please ... it's a botnet, it's everywhere, "Admin" is probably at some resort in Seychelles, who cares where his parents are from?
It's not like he's running illegal streaming service and needs low regulation hosting + domain name
 
Joined
Jul 10, 2011
Messages
788 (0.17/day)
100% this botnet had support from ruskies government.
 
Joined
Nov 21, 2010
Messages
2,223 (0.46/day)
Location
Right where I want to be
yes, math. each message has multiple targets.

There isn't math just poor wording. Even if that wasn't the case as written in the article an operator isn't declared and the reader has to make an assumption for it to make sense, an assumption that is most likely wrong because there is no operator due to the TPU author trying to spice things up or by accident. Here is the original text:

"...sent a total of 3.8 million spam emails to over 40.6 million potential victims."

36.8 million potential victims do not receive an email. 3.8 million sent emails doesn't sound so impressive, right? But wait!

"During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."

There is more than just one computer in the botnet, and how many are there? no one knows besides the botmaster.
 
Joined
Jul 16, 2014
Messages
8,115 (2.29/day)
Location
SE Michigan
There isn't math just poor wording. Even if that wasn't the case as written in the article an operator isn't declared and the reader has to make an assumption for it to make sense, an assumption that is most likely wrong because there is no operator due to the TPU author trying to spice things up or by accident. Here is the original text:

"...sent a total of 3.8 million spam emails to over 40.6 million potential victims."

36.8 million potential victims do not receive an email. 3.8 million sent emails doesn't sound so impressive, right? But wait!

"During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims."

There is more than just one computer in the botnet, and how many are there? no one knows besides the botmaster.
There are several botnets around for varying purposes from what I've read, /tin-hat.
 
Joined
Nov 21, 2010
Messages
2,223 (0.46/day)
Location
Right where I want to be
Wait.

How can they have sent 3.8 million messages to 40 million targets? Am I missing something here?

It's trying to say that one infected computer in the network sent 3.8 million messages and chose from a list of 40 million to send them to.
 