UPDATED 00:01 EDT / MARCH 11 2020

SECURITY

Microsoft leads effort to take down infamous malware-spreading Necurs botnet

Microsoft Corp. said Tuesday it has teamed with security firm Bitsight Technologies Inc. and others to take down the infamous Necurs botnet.

Necurs, regarded as one of the world’s most prolific botnets, has infected more than 9 million computers worldwide and was used for a variety of illegal activities, primarily as a dropper for other malware.

In 2017 it was reported that Necurs was being used to spread malware that took screenshots and gathered data, while in August 2018 the botnet was being used to target banks in a massive phishing campaign.

Microsoft said it managed to take down Necurs via legal and technical steps. The legal steps included Microsoft having the U.S. District Court for the Eastern District of New York issue an order enabling the company to take control of U.S.-based infrastructure Necurs used to distribute malware and infect victim computers.

“With this legal action and through a collaborative effort involving public-private partnerships around the globe, Microsoft is leading activities that will prevent the criminals behind Necurs from registering new domains to execute attacks in the future,” Tom Burt, Microsoft corporate vice president, customer security and trust, said in a blog post.

Over the last decade, Necurs has been linked to the distribution of malware, phishing, scams and ransomware. A shortlist of malware linked to Necurs includes Zeus, Dridex, Locky and Trickbot.

There were 660,000 Necurs infections observed worldwide in the first seven days of March alone, according to BitSight. From 2016 to 2019, it was the most prominent method used by criminals to deliver spam and malware, responsible for 90% of the malware spread by email worldwide, BitSight noted.

That said, other botnets will always be developed. As BitSight security researcher Valter Santos told Infosecurity Magazine, “BitSight will be getting back to work — we are tracking more than 200 billion events on a daily basis. There’s more malware out there.”

Image: bangdoll/Flickr

