New action to disrupt the world's largest online criminal network

Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.

The Necurs botnet is one of the largest networks in the spam email threat ecosystem, with victims in nearly every country in the world. During a 58-day period in our investigation, for example, we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.

Necurs is believed to be operated by criminals based in Russia and has also been used for a wide range of crimes including pump-and-dump stock scams, fake pharmaceutical spam email and “Russian dating” scams. It has also been used to attack other computers on the internet, steal credentials for online accounts, and steal people’s personal information and confidential data. Interestingly, it seems the criminals behind Necurs sell or rent access to the infected computer devices to other cybercriminals as part of a botnet-for-hire service. Necurs is also known for distributing financially targeted malware and ransomware, cryptomining, and even has a DDoS (distributed denial of service) capability that has not yet been activated but could be at any moment.

On Thursday, March 5, the U.S. District Court for the Eastern District of New York issued an order enabling Microsoft to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers. With this legal action and through a collaborative effort involving public-private partnerships around the globe, Microsoft is leading activities that will prevent the criminals behind Necurs from registering new domains to execute attacks in the future.

This was accomplished by analyzing a technique used by Necurs to systematically generate new domains through an algorithm. We were then able to accurately predict over six million unique domains that would be created in the next 25 months. Microsoft reported these domains to their respective registries in countries around the world so the websites can be blocked and thus prevented from becoming part of the Necurs infrastructure. By taking control of existing websites and inhibiting the ability to register new ones, we have significantly disrupted the botnet.
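The paragraph above describes the general defensive technique: once a botnet's domain generation algorithm (DGA) has been reverse engineered, a defender can run it forward over a date range, enumerate every domain it will ever ask for, and hand that list to registries for pre-emptive blocking or sinkholing. The block below is an added example written for this page, not Microsoft's code and not the real Necurs DGA. The seed, 4-day period, per-period domain count, TLD list and SHA-256-based derivation are all constructed stand-ins for the parameters that, in a real investigation, come out of the malware sample; the DNS query names fed to the matcher are constructed too.

```python
"""Toy DGA pre-computation for blocklisting (constructed example; NOT the Necurs algorithm)."""
import hashlib
from datetime import date, timedelta

# Constructed parameters. A real DGA's seed, period, label alphabet and
# TLD list come from reverse engineering the sample, not from this file.
TOY_SEED = 0x5EED1234            # assumed per-botnet constant
PERIOD_DAYS = 4                  # assumed regeneration period
DOMAINS_PER_PERIOD = 16          # assumed; kept small so enumeration is fast
TLDS = ("com", "net", "biz", "info", "org")   # assumed TLD list
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def period_index(day: date) -> int:
    """Map a calendar day to the DGA period it falls in (days since epoch // period)."""
    return day.toordinal() // PERIOD_DAYS


def toy_dga(period: int, seed: int = TOY_SEED) -> list[str]:
    """Deterministically derive one period's domains from (seed, period, index).

    Determinism is the whole point: because the bot and the defender run the
    same function on the same inputs, the defender can compute the output first.
    """
    domains = []
    for i in range(DOMAINS_PER_PERIOD):
        material = f"{seed:08x}:{period}:{i}".encode()
        digest = hashlib.sha256(material).digest()
        length = 8 + digest[0] % 7                     # label length 8..14
        label = "".join(ALPHABET[b % 26] for b in digest[1:1 + length])
        tld = TLDS[digest[31] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def predict_domains(start: date, end: date, seed: int = TOY_SEED) -> set[str]:
    """Enumerate every domain the toy DGA will produce between start and end (inclusive)."""
    first, last = period_index(start), period_index(end)
    predicted: set[str] = set()
    for p in range(first, last + 1):
        predicted.update(toy_dga(p, seed))
    return predicted


def predict_window(start_iso: str, days: int, seed: int = TOY_SEED) -> set[str]:
    """Convenience wrapper: predict from an ISO date for the following `days` days."""
    start = date.fromisoformat(start_iso)
    return predict_domains(start, start + timedelta(days=days), seed)


def flag_dga_lookups(queries, predicted: set[str]) -> list[str]:
    """Return the DNS query names (as seen) whose normalised form is in the predicted set."""
    return [q for q in queries if q.lower().rstrip(".") in predicted]


if __name__ == "__main__":
    blocklist = predict_window("2020-03-10", 30)
    print(f"{len(blocklist)} domains predicted for the 30 days from 2020-03-10")
    # Constructed DNS log: one future DGA domain mixed with benign lookups.
    sample = ["www.microsoft.com", sorted(blocklist)[0], "example.org"]
    print("flagged:", flag_dga_lookups(sample, blocklist))
```

Two practical points the toy keeps in view: the list is only as good as the recovered parameters (a wrong seed or period predicts the wrong domains, so the algorithm should be validated against domains the botnet has already been observed resolving), and the same pre-computed set doubles as a detection feed, since any host resolving a future DGA domain before it is registered is almost certainly infected.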

Microsoft is also taking the additional step of partnering with Internet Service Providers (ISPs) and others around the world to rid their customers’ computers of malware associated with the Necurs botnet. This remediation effort is global in scale and involves collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP). Through CTIP, Microsoft provides law enforcement, government Computer Emergency Response Teams (CERTs), ISPs and government agencies responsible for the enforcement of cyber laws and the protection of critical infrastructure with better insights into criminal cyber infrastructure located within their jurisdiction, as well as a view of compromised computers and victims impacted by such criminal infrastructure.

For this disruption, we are working with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, *, India, Japan, France, Spain, Poland and Romania, among others. Each of us has a critical role to play in protecting customers and keeping the internet safe.

To make sure your computer is free of malware, visit support.microsoft.com/botnets.

Translated from: https://habr.com/en/company/microsoft/blog/492288/