Microsoft has filed a civil case, naming two foreign nationals from Kuwait and Algeria as the masterminds behind a concerted scheme to infect millions of computers with Bladabindi and Jenxcus families of malware.
Detailed in a company blog post, the move marks one of the company's most audacious efforts, its tenth to date, to disrupt what it says is one of the most prolific conduits between hackers and their victims.
It also highlighted the role of No-IP, a popular dynamic DNS provider, as a vital cog in that scheme. Microsoft wrote that it successfully gained control of 22 of its most commonly-used domain names, effectively shutting it down.
It is not clear whether there was a deliberate attempt by No-IP (or one of its employees) to play an active role in the cyberattacks, and there is confusion as to whether the two parties worked together to crack down on the malware authors.
Sufficient steps
Microsoft's Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit, wrote that "despite numerous reports by the security community on No-IP domain abuse", the company "did not take sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity."
However, writing in a No-IP blog post, Natalie Goguen argues that "Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives."
The crackdown means that millions are likely to be affected with Vitalwerks Internet Solution, which owns No-IP, pointing to the fact that Microsoft's heavy-handed approach benefits no one.
