Microsoft Darkens 4MM Sites in Malware Fight


Userlevel 7
Badge +54
Millions of Web sites were shuttered Monday morning after Microsoft executed a legal sneak attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide.
 
In its latest bid to harness the power of the U.S. legal system to combat malicious software and cybercrooks, Microsoft convinced a Nevada court to grant the software giant authority over nearly two dozen domains belonging to no-ip.com, a company that provides dynamic domain name services.
Dynamic DNS services are used to map domain names to numeric Internet addresses that may change frequently. Typically, the biggest users of dynamic DNS services are home Internet users who wish to have a domain name that will always point back to their home computer, no matter how many times their ISP changes the numeric Internet address assigned to that computer.
 
Full Article
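As an added example (not from the thread or the articles it quotes) of how a defender might watch for the kind of abuse described above: a small Python script that scans constructed DNS resolver log lines and reports hostnames under an assumed dynamic DNS zone that resolved to several different addresses, since a frequently re-pointed dynamic DNS name is exactly what both home users and the malware in this story rely on. The zone name, log format and sample lines are all assumptions; a hit is a lead for review, not proof of infection.

```python
import re
from collections import defaultdict

# Constructed sample resolver log lines: time, client, queried name, record, answer.
SAMPLE_LOG = """\
2014-06-30T08:00:01 10.0.0.5 cam.example-ddns.test A 198.51.100.10
2014-06-30T08:05:12 10.0.0.5 cam.example-ddns.test A 198.51.100.10
2014-06-30T09:00:03 10.0.0.9 beacon.example-ddns.test A 203.0.113.7
2014-06-30T10:00:03 10.0.0.9 beacon.example-ddns.test A 203.0.113.99
2014-06-30T11:00:03 10.0.0.11 beacon.example-ddns.test A 192.0.2.44
2014-06-30T12:00:03 10.0.0.9 beacon.example-ddns.test A 192.0.2.45
2014-06-30T12:30:00 10.0.0.7 www.example.test A 93.184.216.34
"""

# Assumed dynamic DNS zones to watch; the page does not list the actual No-IP zones.
DDNS_ZONES = ("example-ddns.test",)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) A (\S+)$")


def parse_log(text):
    """Yield (timestamp, client, name, ip) for each well-formed A-record line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, name, ip = m.groups()
            yield ts, client, name.lower().rstrip("."), ip


def in_ddns_zone(name):
    """True if name is at or under one of the watched dynamic DNS zones."""
    return any(name == z or name.endswith("." + z) for z in DDNS_ZONES)


def find_churning_hosts(text, min_distinct_ips=3):
    """Return {name: {"ips": [...], "clients": [...]}} for names inside the watched
    dynamic DNS zones that resolved to at least min_distinct_ips addresses."""
    ips = defaultdict(set)
    clients = defaultdict(set)
    for _ts, client, name, ip in parse_log(text):
        if in_ddns_zone(name):
            ips[name].add(ip)
            clients[name].add(client)
    return {n: {"ips": sorted(ips[n]), "clients": sorted(clients[n])}
            for n in ips if len(ips[n]) >= min_distinct_ips}


if __name__ == "__main__":
    for name, info in find_churning_hosts(SAMPLE_LOG).items():
        print(f"{name}: {len(info['ips'])} addresses, queried by {info['clients']}")
```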

7 replies

Userlevel 7
Badge +54

Legitimate users caught in legal fire designed to take down botnets.

by Dan Goodin - July 1 2014
 
Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.
Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of which were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm).
 


 
Full Article
Userlevel 7
The following article is an update on Microsoft seizes No-IP domains
 
{Sorry chaps! We didn't mean to steamroller legit No-IP users – Microsoft}
 
By Iain Thomson, 1 Jul 2014
 
 
Updated Microsoft has admitted that it did disrupt a significant number of legitimate users of No-IP's dynamic DNS service, but says the problem is now sorted out.
"Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners' knowledge through the abuse of No-IP, an Internet solutions service," David Finn, associate general counsel of Redmond's Digital Crimes Unit, told The Reg in a statement.
 "Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6am Pacific time today, all service was restored. We regret any inconvenience these customers experienced."
 
The Register, full read here: http://www.theregister.co.uk/2014/07/01/sorry_chaps_microsoft_unborks_legitimate_noip_users_domains/
Userlevel 7
Badge +54
The Syrian Electronic Army has been causing quite a few problems over the last months so anything which disrupts them has got to be a good thing.
 
By Liam Tung  July 2, 2014
 
"However, Microsoft may have made a major dint in some of the most troublesome attack groups on the internet, such as the now-infamous Syrian Electronic Army (SEA), which has hacked eBay, the Washington Post, and Microsoft multiple times, among others.
According to Kaspersky Lab research director Costin Raiu, the takedown impacted a quarter of the "advanced persistent threat" actors it's been tracking. Among them are the SEA, the controversial Italian lawful intercept vendor the Hacking Team, and Flame, a well-known piece of malware discovered in 2012."
 
Full Article
Userlevel 7
The following article is an update on Microsoft Seizes No IP Domains
 
{Legitimate No-IP users still affected by Microsoft's domain takeover}
 
By Zeljka Zorz, HNS Managing Editor. Posted on 02 July 2014.
 
When Microsoft seized control of 22 free domain names usually controlled by dynamic DNS service No-IP on Monday, it disrupted malware networks used by cybercriminals to infect victims with NJrat and NJw0rm backdoors, as well as some APT operations.

Unfortunately, it also affected a great number of legitimate users, many of which have taken to Twitter to protest Microsoft's officious interference.

"Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors," No-IP marketing manager Natalie Goguen stated yesterday.
 
Help Net Security, full read here: http://www.net-security.org/secworld.php?id=17076
Userlevel 7
The following article is an update on Microsoft seizes No-IP Domains
 
(No-IP reclaims control of domains seized by Microsoft)
 
By Zeljka Zorz, HNS Managing Editor. Posted on 03 July 2014.
 
The end of No-IP customers' troubles seems near, as Microsoft has relinquished control of the 23 domain names it seized control of on Monday with the blessing of a Nevada federal court.

Dan Durrer, owner and CEO of Vitalwerks, the company that runs the No-IP dynamic DNS service, has let users know that they were "very close to a resolution" of the problem, and are working as fast as they can to reestablish access to the millions of users that have been put out of service by Microsoft's legal action.
 
Help Net Security, full read here: http://www.net-security.org/secworld.php?id=17084
Userlevel 7
Badge +54
This one may be a few weeks old now, but the virus and its variants are changing identities and targeting Windows OS.
 
PTI | New Delhi | Updated: Jul 24 2014
 


Indian Internet users have been warned against hacking attempts of a clandestine multi-identity virus called Bladabindi.
 
"It has been reported that variants of malware called Bladabindi are spreading. This malware steals sensitive user information from infected computer system. Bladabindi could also be used as malware downloader to propagate further malware and provide backdoor access to the remote attacker.
"Some of the Bladabindi variants could capture keyboard press, control computer camera and later send collected sensitive information to remote attacker. Bladabindi is infecting Microsoft Windows operating system and spreading via infecting removable USB flash drives and via other malwares," the latest advisory by the agency said.
 
Full Article
 
 
Userlevel 7
Good article. What I find to be the key to this virus is that its variants are changing identities; this in itself makes it difficult to contain and remove. ...
