Microsoft: No-IP takedown cleansed 4.7m PCs

Microsoft claims to have freed at least 4.7 million infected personal computers from the control of a criminal network in a digital crime-busting operation that interrupted internet services for millions of other users last week.

Microsoft has also identified at least another 4.7 million infected machines during the operation, the company announced.

Richard Domingues Boscovich, assistant general counsel of Microsoft's Digital Crimes unit, promised the company would provide government authorities and Internet service providers around the world with the IP addresses of infected machines to help users remove the viruses.

"Those victims are currently not aware they are infected," Boscovich said in an interview.

The operation is the most successful of the 10 launched to date by Microsoft's Digital Crimes Unit, if judged on the number of infected machines identified, Boscovich said.

Microsoft located the compromised PCs by intercepting traffic headed to servers at Reno, Nevada-based Vitalwerks Internet Solutions, which Microsoft claimed that criminals had used to communicate with compromised PCs via free accounts on Vitalwerks' No-IP.com services.

Vitalwerks - and many in the information security and ISP community - criticised the way Microsoft handled the operation after some 1.8 million users lost service for several days.

The Internet services firm said that it would have been glad to help Microsoft, without interrupting service to legitimate users.

Microsoft has apologised, blaming "a technical error" for the collateral damage.

The operation, which began on June 30 under a federal court order sought by Microsoft, targeted malicious software known as Bladabindi and Jenxcus. Microsoft said the malware was written and distributed by developers in Kuwait and Algeria.

The largest number of remaining infected machines are located in India, Pakistan, Egypt, Brazil, Algeria and Mexico, Microsoft said.