Microsoft has made a new stand against cyber criminals with its action against a firm called No-IP, which offers domain name system (DNS) services, but has since apologised for its overzealousness.
According to Microsoft, No-IP is the source of many Bladabindi and Jenxcus malware attacks. The firm said it has seen more than 7.4 million Bladabindi and Jenxcus incidents over the past year, and that 93 percent of them can be traced back to the No-IP network.
This week Richard Domingues Boscovich, assistant general counsel for Microsoft’s digital crimes unit, said: “We’re taking No-IP to task as the owner of infrastructure frequently exploited by cyber criminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware.
“The social media-savvy cyber criminals have promoted their wares across the internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes – demonstrating that cyber crime is indeed a global epidemic.”
No-IP, which said many innocent accounts have suffered at Microsoft’s hands, explained that the regular approach in such circumstances is usually a two-way dialogue.
“We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives,” it said in a statement.
“Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate host names associated with a few bad actors. Had Microsoft contacted us, we could and would have taken immediate action.
“Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent internet users.”
Since then, Microsoft has told V3 a “technical error” is to blame for the mass close-off and added that services should now be restored.
“Yesterday morning, Microsoft took steps to disrupt a cyber attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an internet solutions service,” said a spokesperson.
“Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6am Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”
No-IP has countered with its report that services were not restored at 6am. It said Microsoft’s claim is “not true”.
The news comes at the same time that Microsoft appears to have backtracked on plans to stop sending email alerts to IT professionals about its forthcoming security updates.