Microsoft launches operation to disrupt cybercrime ring


Kuwait and Algeria-developed malware exposed.

Microsoft launched an operation yesterday to disrupt communications channels between hackers and infected PCs in what the technology giant hopes will be the most successful private effort to date to crack down on cyber crime.

The operation was carried out under an order issued by a federal court in Nevada and targeted traffic involving malicious software known as Bladabindi and Jenxcus, which is written and distributed by developers in Kuwait and Algeria.

"We have never seen malware coded outside Eastern Europe that is as big as this. This really demonstrates the globalisation of cybercrime," said Richard Domingues Boscovich, assistant general counsel for Microsoft’s digital crimes unit.

According to Boscovich, the targeted malware has resulted in over seven million infections over the past year.

The malware has dashboards with point-and-click menus to execute functions such as viewing a computer screen in real time, recording keystrokes, stealing passwords and listening to conversations.

The malware was purchased by at least 500 customers, who are identified in the court documents as John Does one to 500.

Boscovich said the developers blatantly marketed their malware over social media, including videos on YouTube and a Facebook page which included instructional videos with techniques for infecting PCs.

About 94 percent of machines infected with the two viruses communicate with hackers through servers from internet provider Vitalwerks, based in Nevada. 

The court order allowed Microsoft to disrupt communications between affected machines by redirecting suspicious internet traffic to Microsoft servers in Redmond, instead of to Vitalwerks.

In the operation, Microsoft will filter out communications from PCs infected with another 194 types of malware that are also being filtered through Vitalwerks.

Microsoft has not accused Vitalwerks of involvement in any cybercrime, though it alleged that the company failed to take proper steps to prevent its system from being used for such activities.

Vitalwerks spokeswoman Natalie Goguen said she had no immediate comment.
