Plan to stop cybercrime
Microsoft's new plan to stop cybercrime
BOSTON: Microsoft has launched what it hopes will be the most successful private effort to date to crack down on cybercrime by moving to disrupt communications channels between hackers and infected PCs.
The operation, which began on Monday under an order issued by a federal court in Nevada, targeted traffic involving malicious software known as Bladabindi and Jenxcus, which Microsoft said work in similar ways and were written and distributed by developers in Kuwait and Algeria.
It is the first high-profile case involving malware written by developers outside of Eastern Europe, according to Richard Domingues Boscovich, assistant general counsel of Microsoft's cybercrime-fighting Digital Crimes Unit.
"We have never seen malware coded outside Eastern Europe that is as big as this. This really demonstrates the globalization of cybercrime," said Boscovich, whose team at Microsoft has disrupted nine other cybercrime operations over the past five years, all of which it believes originated in Eastern Europe.
He said it would take days to determine how many machines were infected, but noted that the number could be very large because Microsoft's anti-virus software alone has detected some 7.4 million infections over the past year and is installed on less than 30% of the world's PCs.
The malware has dashboards with point-and-click menus to execute functions such as viewing a computer screen in real time, recording keystrokes, stealing passwords and listening to conversations, according to documents filed in US District Court in Nevada on June 19 and unsealed on Monday.
The malware was purchased by at least 500 customers. Boscovich said the developers marketed their malware over social media, including videos on YouTube and a Facebook page. They posted videos with techniques for infecting PCs, he said.
Monday's operation
The court order allowed Microsoft to disrupt communications between infected machines and Reno, Nevada-based Vitalwerks Internet Solutions.
Boscovich said about 94% of all machines infected with the two viruses communicate with hackers through Vitalwerks servers. Criminals use Vitalwerks as an intermediary to make it more difficult for law enforcement to track, he said.
The court ordered the registries that direct internet communications to send suspected malicious traffic to Microsoft servers in Redmond, Washington, instead of to Vitalwerks.
In an operation that begins Monday, Boscovich said, Microsoft will filter out communications from PCs infected with another 194 types of malware also being filtered through Vitalwerks.
Vitalwerks said Microsoft's actions have disrupted service for millions of internet users.
"Vitalwerks and (operational subsidiary) No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity," spokeswoman Natalie Goguen said in a statement.
Microsoft has not accused Vitalwerks of involvement in any cybercrime, though it alleges the company failed to take proper steps to prevent its system from being abused.
"We just want them to clean up their act, to be more proactive in monitoring their service," Boscovich said in an interview.