Microsoft scores vs. cybercriminals, seizes 22 NO-IP domains

Software giant Microsoft this week scored anew against global cybercrime, seizing more than 20 domains of a DNS provider suspected of being used by cybercriminals.
Microsoft Digital Crimes Unit assistant general counsel Richard Boscovich said the seizure is part of the heightened stakes against global cybercrime.
"We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware," Boscovich said in a blog post.
Boscovich said Microsoft, in a civil case filed June 19, named Mohamed Benabdellah and Naser Al Mutairi, and US-based Vitalwerks Internet Solutions, LLC (No-IP.com), for "creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large."
Microsoft sought an ex parte temporary restraining order from the U.S. District Court for Nevada against No-IP.
The court granted the software giant's request on June 26, making Microsoft the DNS authority for the company’s 23 free No-IP domains.
The move allowed Microsoft to "identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats," Boscovich said.
Free dynamic DNS
Boscovich said cybercriminals in this case abused Dynamic Domain Name Service (DNS), a method of automatically updating a listing in the Internet’s address book.
"Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains," he said.
He added Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, not counting detections by other anti-virus providers.
"Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity," he said.
Meanwhile, the new threat information will be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Computer Emergency Response Teams (CERTs).
This in turn will help them repair the damage caused by Bladabindi-Jenxcus and other types of malware, Boscovich said.
Domain owners
Boscovich, meanwhile, said domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure.
"If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online. Meanwhile, we will continue to take proactive measures to help protect our customers and hold malicious actors accountable for their actions," he said.
3rd malware disruption
Boscovich also said this was the third malware disruption by Microsoft since the Microsoft Cybercrime Center was unveiled last November.
NO-IP response
But NO-IP said it was surprised that Microsoft "never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives."
"Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users," it added.
"Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one. We will do our best to resolve this problem quickly," it added. — Joel Locsin/TJD, GMA News