Microsoft under fire over disruptive anti-crime operation

Warwick Ashford

Microsoft has come under fire after an operation aimed at taking down a criminal botnet disrupted traffic to millions of legitimate servers.

As part of its ongoing campaign against cyber criminals, Microsoft used a federal court order to seize control of web domains it said were being used to infect Windows-based PCs with malware.

The continually evolving strategy of disruption adopted by Microsoft and other technology firms is aimed at fighting cybercrime by disabling key criminal infrastructure.

But, in addition to blocking traffic to malicious domains, the latest anti-botnet operation also prevented data from reaching many legitimate sites, the BBC reports.

In a blog post, Richard Boscovich, assistant general counsel at Microsoft's Digital Crimes Unit, said it had taken the action against domain administration firm No-IP.com for its "roles in creating, controlling, and assisting in infecting millions of computers with malicious software".

He said No-IP's infrastructure had been used to spread the Bladabindi and Jenxcus families of malicious programs in 93% of the cases Microsoft had seen.

In the past year, he said, Microsoft had detected variants of the two viruses more than 7.4 million times.

The malware enabled the criminals who deployed it to steal data from infected machines, record keystrokes and use computer microphones to make recordings.

Boscovich said Microsoft had resorted to legal action to take control of No-IP’s 23 domains because the firm had not done enough to police them.

He said Microsoft applied filters to allow only "clean" data through, while blocking traffic associated with the botnet and with the spread of the malware.

But No-IP said Microsoft's action was "draconian" and had wrongly "affected millions of innocent internet users".

No-IP speculated that Microsoft had underestimated the amount of data traffic handled by the 23 domains it seized, resulting in service disruptions for many legitimate customers.
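The dispute above turns on filtering granularity: seizing and sinkholing a whole dynamic-DNS base domain catches every hostname under it, whereas blocking only the specific hostnames tied to the malware leaves the rest of the provider's customers untouched. The following added example (not Microsoft's or No-IP's code; all domains, hostnames and queries are constructed for illustration) models both policies and counts the legitimate hostnames each one sinkholes. It assumes two-label base domains and does no public-suffix handling.

```python
"""Compare whole-domain seizure with hostname-level filtering for dynamic DNS.

Constructed example: none of the names below are real infrastructure.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Constructed: base domains that a court order has transferred to the filtering party.
SEIZED_BASE_DOMAINS = {"dyn-example.net", "host-example.org"}

# Constructed: the specific dynamic-DNS hostnames a defender has tied to the botnet.
MALICIOUS_HOSTNAMES = {
    "rat-c2.dyn-example.net",
    "updates77.host-example.org",
}

# Constructed: a batch of DNS query names seen at the resolver (mixed case, trailing dot).
SAMPLE_QUERIES = [
    "home-nas.dyn-example.net",
    "RAT-C2.dyn-example.net.",
    "cam.host-example.org",
    "updates77.host-example.org",
    "unrelated.example.com",
]


@dataclass(frozen=True)
class Verdict:
    name: str
    action: str   # "pass" or "sinkhole"
    reason: str


def normalize(name: str) -> str:
    """Canonical form: lower-case, no trailing dot, as resolvers compare names."""
    return name.rstrip(".").lower()


def base_domain(name: str) -> str:
    """Last two labels of the name (assumption: no multi-label public suffixes)."""
    labels = normalize(name).split(".")
    return ".".join(labels[-2:])


def is_blocked_hostname(name: str) -> bool:
    """True if the name is a listed hostname or sits beneath one."""
    n = normalize(name)
    return any(n == h or n.endswith("." + h) for h in MALICIOUS_HOSTNAMES)


def seize_whole_domain(name: str) -> Verdict:
    """Policy 1: everything under a seized base domain is sinkholed."""
    n = normalize(name)
    if base_domain(n) in SEIZED_BASE_DOMAINS:
        return Verdict(n, "sinkhole", "base domain seized")
    return Verdict(n, "pass", "not under a seized domain")


def filter_by_hostname(name: str) -> Verdict:
    """Policy 2: only listed hostnames (and their children) are sinkholed."""
    n = normalize(name)
    if is_blocked_hostname(n):
        return Verdict(n, "sinkhole", "hostname on blocklist")
    return Verdict(n, "pass", "hostname not on blocklist")


def collateral(queries: Iterable[str], policy: Callable[[str], Verdict]) -> List[str]:
    """Legitimate names a policy sinkholes: blocked, yet not on the malicious list."""
    return sorted(
        v.name
        for v in map(policy, queries)
        if v.action == "sinkhole" and not is_blocked_hostname(v.name)
    )


if __name__ == "__main__":
    for label, policy in (("whole-domain seizure", seize_whole_domain),
                          ("hostname filtering", filter_by_hostname)):
        print(f"{label}: collateral = {collateral(SAMPLE_QUERIES, policy)}")
```

With the constructed data, whole-domain seizure sinkholes the two legitimate customer hostnames alongside the two malicious ones, while hostname filtering sinkholes only the listed names; the same difference scales with the number of customers sharing the seized base domains.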

In a statement, David Finn, executive director of Microsoft’s Digital Crimes Unit, claimed the collateral damage was merely a "technical error", according to Techdirt.

Although Microsoft has used the same technique to disrupt other botnets, this is the first time there have been reports of widespread disruption to legitimate sites.

"Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate host names associated with a few bad actors," No-IP said in a statement posted on its site.

No-IP said Microsoft could have achieved its aims without disrupting legitimate traffic if it had made more effort to contact No-IP's senior management.

"Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives," No-IP said.
