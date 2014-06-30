| BOSTON, June 30
BOSTON, June 30 Microsoft Corp launched
what it hopes will be the most successful private effort to date
to crack down on cyber crime by moving to disrupt communications
channels between hackers and infected PCs.
The operation, which began on Monday under an order issued
by a federal court in Nevada, targeted traffic involving
malicious software known as Bladabindi and Jenxcus, which
Microsoft said work in similar ways and were written and
distributed by developers in Kuwait and Algeria.
It is the first high-profile case involving malware written
by developers outside of Eastern Europe, according to Richard
Domingues Boscovich, assistant general counsel of Microsoft's
cybercrime-fighting Digital Crimes Unit.
"We never seen malware coded outside Eastern Europe that is
as big as this. This really demonstrates the globalization of
cybercrime," said Boscovich, whose team at Microsoft has
disrupted nine other cybercrime operations over the past five
years, all of which it believes originated in Eastern Europe.
He said it would take several days to determine how many
machines were infected, but noted that the number could be very
large because Microsoft's anti-virus software alone has detected
some 7.4 million infections over the past year and is installed
on less than 30 percent of the world's PCs.
The malware has slick dashboards with point-and-click menus
to execute functions such as viewing a computer screen in real
time, recording keystrokes, stealing passwords and listening to
conversations, according to documents filed in U.S. District
Court in Nevada on June 19 and unsealed Monday.
The malicious software was purchased by at least 500
customers, who are identified in the court documents as John
Does 1 to 500.
Boscovich said the developers blatantly marketed their
malware over social media, including videos on Google Inc's
YouTube and a Facebook page. They posted instructional
videos with techniques for infecting PCs, he said.
MONDAY'S OPERATION
The court order allowed Microsoft to disrupt communications
between infected machines and a Reno, Nevada, firm known as
Vitalwerks Internet Solutions.
Boscovich said about 94 percent of all machines infected
with the two viruses communicate with hackers through Vitalwerks
servers. Criminals use Vitalwerks as an intermediary to make it
more difficult for law enforcement to track them down, he said.
The court ordered the registries that direct Internet
communications to send suspected malicious traffic to Microsoft
servers in Redmond, Washington, instead of letting it go on to
Vitalwerks.
Vitalwerks spokeswoman Natalie Goguen said she had no
immediate comment.
In the operation that began on Monday, Boscovich said,
Microsoft will filter out communications from PCs infected with
another 194 types of malware that are also being filtered
through Vitalwerks.
Microsoft has not accused Vitalwerks of involvement in any
cybercrime, though it alleges that the company failed to take
proper steps to prevent its system from being used for such
activities.
"We just want them to clean up their act, to be more
proactive in monitoring their service," Boscovich said in an
interview.
(Reporting by Jim Finkle; Editing by Richard Chang)