
Microsoft cybercrime crackdown sees millions of sites shut down

Microsoft has taken unprecedented action against millions of cybercriminals by shutting down a barrage of servers used to infect PCs with dangerous malware across the globe.


The firm, which obtained a court order, gained control of a large number of domains being used to spread malware and in the process shut down legitimate sites due to what the domain owner called “heavy-handed” tactics.

“In a civil case filed on 19 June, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC [doing business as], for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large,” read a blog from Richard Domingues Boscovich, assistant general counsel of Microsoft’s Digital Crimes Unit.

Microsoft stated that No-IP’s infrastructure had been used to facilitate the spread of the Jenxcus and Bladabindi malicious programs in 93 per cent of cases that it has seen, and that in the past year the virus has been detected in some form over 7.4 million times. The two pieces of malware allow offenders to steal data, record keystrokes and even listen to sounds around the computer.

A federal court in Nevada granted Microsoft ownership over the domains after the company managed to convince the court that No-IP didn’t do enough to prevent them being used for malicious purposes.

No-IP is unhappy at the level of disruption caused and doubts that Microsoft had any idea of the number of innocent customers that would be affected by the move.

“Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate hostnames associated with a few bad actors,” it wrote in a statement, according to the BBC.

The original owner of the domains added that Microsoft hadn’t made enough of an effort to contact it about limiting the sites.

“Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives,” No-IP added.