Microsoft says disrupts cybercrime rings with roots in Kuwait, Algeria

ronjor · Jun 30, 2014

By Jim Finkle

The operation, which began on Monday under an order issued by a federal court in Nevada, targeted traffic involving malicious software known as Bladabindi and Jenxcus, which Microsoft said work in similar ways and were written and distributed by developers in Kuwait and Algeria.
Click to expand...

https://au.news.yahoo.com/thewest/b...ybercrime-rings-with-roots-in-kuwait-algeria/

ronjor · Jun 30, 2014

Microsoft Takes Legal Action to fight Malware: Bladabindi and Jenxcus

Tim Rains - Microsoft Tim Rains - Microsoft

Today, Microsoft filed a civil suit against a Dynamic DNS provider in the U.S. (Vitalwerks Internet Solutions, LLC doing business as No-IP.com) and identified two individuals who are believed to have used this DNS provider to spread and control dangerous malware (Bladabindi and Jenxcus) to unsuspecting victims. Bladabindi or Jenxcus was encountered more than 7.4 million times over the past twelve months worldwide.

The two people identified allegedly used social media to flaunt their creation and the dissemination of two well-known types of malware, known by the Microsoft Malware Protection Center (MMPC) as Jenxcus and Bladabindi.
Click to expand...

http://blogs.technet.com/b/security...-to-fight-malware-bladabindi-and-jenxcus.aspx

Microsoft takes on global cybercrime epidemic in tenth malware disruption
30 Jun 2014 1:23 PM

The following post is from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.

Playing offense against cybercriminals is what drives me and everyone here at the Microsoft Digital Crimes Unit. Today, Microsoft has upped the ante against global cybercrime, taking legal action to clean up malware and help ensure customers stay safer online. In a civil case filed on June 19, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.
Click to expand...

http://blogs.technet.com/b/microsof...ime-epidemic-in-tenth-malware-disruption.aspx

ronjor · Jul 1, 2014

Microsoft Darkens 4MM Sites in Malware Fight

Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.
Click to expand...

http://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/

Minimalist · Jul 1, 2014

Today, following an investigation to which the Microsoft Malware Protection Center (MMPC) contributed, the Microsoft Digital Crimes Unit initiated a disruption of the Jenxcus and Bladabindi malware families. These families are believed to have been created by individuals Naser Al Mutairi, aka njQ8, and Mohamed Benabdellah, aka Houdini. These actions are the first steps to stop the people that created, distributed, and assisted the propagation of these malware families.
Click to expand...

http://blogs.technet.com/b/mmpc/arc...-jenxcus-and-bladabindi-malware-families.aspx

Minimalist · Jul 1, 2014

Microsoft’s latest takedown of a malware operation, announced Monday and involving the infrastructure of several malware families, has, like many of the company’s actions, elicited strong opinions on both sides of the issue from security researchers, activists and others with a stake in the game.
Click to expand...

http://threatpost.com/latest-microsoft-malware-takedown-causes-waves-in-security-community

Minimalist · Jul 1, 2014

Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.
Click to expand...

http://arstechnica.com/security/201...-suffer-after-microsoft-seizes-no-ip-domains/

elapsed · Jul 1, 2014

I hope someone sues the living **** out of Microsoft for this, and the judge that approved this. Totally ruined my day, and the day of millions of people around the world, to take down a few subdomains. Lunatics.

I'm gobsmacked how this is even legal, it's like nuking a city of millions because a few people were miscreants. Most of the comments on Krebs' article says it all.

ronjor · Jul 2, 2014

Microsoft admits technical error in IP takeover, but No-IP still down

No-IP claims Microsoft doesn't appear to be very good at DNS

By Jeremy Kirk | IDG News Service
Click to expand...

http://www.infoworld.com/d/security...-error-in-ip-takeover-no-ip-still-down-245463

Minimalist · Jul 2, 2014

Microsoft issues mea culpa to No-IP, but service reportedly remains down for many

The cause isn't yet clear, but more than 36 hours after Microsoft disrupted dynamic DNS hosting for millions of No-IP.com users, service reportedly remained down for many, and the main website was also unavailable.
Click to expand...

http://arstechnica.com/security/201...but-service-reportedly-remains-down-for-many/

siljaline · Jul 2, 2014

Critics blast Microsoft's takedown of No-IP domains

Computerworld - Microsoft's tactics in using a court order to seize nearly two-dozen No-IP.com domains it said were used to distribute Windows malware tools were called ham-handed by several critics.
No-IP, a Reno, Nev. provider of dynamic domain name services, said Microsoft's sudden takedown of its domains was initiated without prior warning and disrupted Internet service for innocent customers.

http://www.computerworld.com/s/article/9249515/Critics_blast_Microsoft_s_takedown_of_No_IP_domains

Good info here | See also:
http://garwarner.blogspot.nl/2014/06/microsoft-njrat-and-no-ip.html
Click to expand...

Click to expand...

Minimalist · Jul 2, 2014

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain.
It seems that malware folks have been using dynamic DNS services to mask their activities, it has been reported before by Cisco and No-IP appears to be one of the worst perpetrators (even though it’s through no real fault of their own).
Click to expand...

http://www.darknet.org.uk/2014/07/microsofts-anti-malware-action-cripples-dynamic-dns-service-no-ip/

ronjor · Jul 2, 2014

No-IP Responds to Microsoft's Legal Seizure of Its Domains
Jul 1, 2014 Rod Trent

No-IP suggests that Microsoft's "draconian actions" have affected millions of innocent Internet users (i.e., No-IP's customers). I wonder how that compares to the millions of users infected by malware that was allowed to spread over the last year.
Click to expand...

http://windowsitpro.com/security/no-ip-responds-microsofts-legal-seizure-its-domains

siljaline · Jul 2, 2014

Security World To Microsoft: Stop Trying To Police The Internet
http://www.forbes.com/sites/thomasb...microsoft-stop-trying-to-police-the-internet/

Minimalist · Jul 3, 2014

Order restored to universe as Microsoft surrenders confiscated No-IP domains

Microsoft has surrendered the 23 domain names it confiscated from dynamic domain hosting service No-IP.com, a move that begins the process of restoring millions of connections that went dark as a result of the highly controversial legal action.
Click to expand...

http://arstechnica.com/security/201...crosoft-surrenders-confiscated-no-ip-domains/

Minimalist · Jul 3, 2014

NO-IP is one of the many Dynamic DNS providers out there, which can be used for free to register a subdomain on top of popular names such as “servepics.com” or “servebeer.com”. For a long time, this has been a favorite method for cybercriminals who wanted to register easy to update hostnames to control their malware implants.
Click to expand...

http://www.securelist.com/en/blog/2...minal_and_nation_state_APT_malware_operations

Minimalist · Jul 3, 2014

Microsoft takes down No-IP DNS domains in cybercrime fight - right or wrong? [POLL]

http://nakedsecurity.sophos.com/201...ains-in-cybercrime-fight-right-or-wrong-poll/

Was Microsoft's takedown over the top?

No. Zombie malware is a huge financial scourge and we need low tolerance of it. 18,000 misused domains alleged on one DNS provider is too many to do nothing. The court did the right thing.

Yes. Zombie malware is more the fault of the individual infected users than of the DNS provider whose services are misused. The court "fixed" the wrong part of the problem.
Click to expand...

Minimalist · Jul 7, 2014

Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP.
Click to expand...

http://threatpost.com/all-seized-domains-returned-to-no-ip

mirimir · Jul 8, 2014

The legal seizure of domains, and the resulting disruption to legitimate users, will likely define the precedent for future civil actions against companies that seemingly do not do enough to clean their networks.
After nearly a week, the last users of the dynamic domain-name system known as No-IP are back online and able to reach their servers through the service, following technical glitches resulting from Microsoft's seizure of 23 domain names belonging to company.

Microsoft seized the domains on June 30 without notifying No-IP in an attempt to dismantle cyber-criminals use of the service to infect and steal data from more than 7.4 million Windows users, the company said. By taking over the 23 domains, Microsoft aimed to filter out malicious traffic and allow legitimate users to access their systems through the dynamics DNS service. Instead, a technical glitch on Microsoft’s part resulted in millions of users disconnected from their systems, according to No-IP.
Click to expand...

http://www.eweek.com/security/no-ip-domain-system-users-return-online-after-microsoft-take-down.html

siljaline · Jul 8, 2014

Notice of suit Microsoft versus named defendants, others.
http://www.noticeoflawsuit.com/

ronjor · Jul 9, 2014

Microsoft drops case that severed DNS hosting for millions of No-IP users

No-IP didn't knowingly harbor botnet operators targeted in takedown, MS declares.

by Dan Goodin - July 9 2014, 1:33pm CST
Click to expand...

http://arstechnica.com/security/201...ered-dns-hosting-for-millions-of-no-ip-users/

mirimir · Jul 9, 2014

I see nothing about compensation for websites that got hosed, just an apology from Microsoft.

siljaline · Jul 9, 2014

More info here that may be of interest to some.
http://www.cso.com.au/article/54968..._after_disrupting_its_business_botnet_action/

ronjor · Jul 10, 2014

When asked if Microsoft agreed to pay Vitalwerks as part of a settlement, a company spokeswoman said she couldn’t discuss the agreement other than to say the smaller company is “very pleased with the terms.”
Click to expand...

http://blogs.wsj.com/digits/2014/07...ercrime-hits-regular-internet-usersuto-draft/

Dermot7 · Mar 20, 2015

njRAT Trojan also known as Bladabindi, is a Remote Access Tool (RAT) that was first seen in 2013 and has been extremely prevalent in the Middle Eastern region. njRAT was developed using Microsoft's .NET framework and like many other RATs, provides complete control of the infected system and delivers an array of features to the remote attacker. We have seen attackers leveraging popular gaming & software application cracks & keygens as the lure to infect end users.
There have been many variants of njRAT. H-Worm, also known as Houdini, is one of the most popular variants and was reportedly used in attacks against the international energy sector. In this blog we will provide a brief overview of njRAT and H-Worm as well as an analysis of the H-Worm activity we've seen over the past few months.
Click to expand...

http://research.zscaler.com/2015/03/njrat-h-worm-variant-infections.html

Log in or Sign up

Microsoft says disrupts cybercrime rings with roots in Kuwait, Algeria

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

elapsed Registered Member

ronjor Global Moderator

Minimalist Registered Member

siljaline Registered Member

Minimalist Registered Member

ronjor Global Moderator

siljaline Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

mirimir Registered Member

siljaline Registered Member

ronjor Global Moderator

mirimir Registered Member

siljaline Registered Member

ronjor Global Moderator

Dermot7 Registered Member

Log in or Sign up

Microsoft says disrupts cybercrime rings with roots in Kuwait, Algeria

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

elapsed Registered Member

ronjor Global Moderator

Minimalist Registered Member

siljaline Registered Member

Minimalist Registered Member

ronjor Global Moderator

siljaline Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

mirimir Registered Member

siljaline Registered Member

ronjor Global Moderator

mirimir Registered Member

siljaline Registered Member

ronjor Global Moderator

Dermot7 Registered Member

Useful Searches