In a blog post on July 1, Microsoft announced the successful disruption of a serious strain of malware promoted and proliferated by No-IP.com. Two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, along with a U.S. company, Vitalwerks Internet Solutions, LLC, were cited in a lawsuit filed on June 19, 2014. The lawsuit can be viewed in its entirety online.
This marks the tenth overall malware disruption since the company started aggressively advancing on cybercrime in February 2010, and the third since the Microsoft Cybercrime Center launched in November 2013. The Cybercrime Center is a facility dedicated to monitoring, locating, and eliminating electronic crimes in an effort to protect Microsoft and its customers.
Mohamed and Naser leveraged social media to promote the Bladabindi (NJrat) and Jenxcus (NJw0rm) families of malware. They offered anyone detailed instructions on how to infiltrate the computers of unsuspecting victims, causing millions of computers worldwide to become infected. Microsoft alone revealed more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months. This does not include detections from other anti-virus vendors.
Microsoft took strong legal action after the security community had lodged complaints against No-IP for domain abuse with no resolution. The company continued to ignore the complaints despite its service being used in almost 93 percent of all Bladabindi-Jenxcus infections.
On June 26, 2014, the U.S. District Court of Nevada granted Microsoft authority over No-IP's 23 domains. Microsoft subsequently eliminated the threat by rerouting traffic to a "sinkhole" and developed malware cleaning techniques through reverse engineering.
Compiled By: Microsoft DCU