Millions hit by Microsoft cybercrime action


Traffic to millions of servers has been disrupted as Microsoft seeks to shut down persistent cybercriminals.

Backed by a court order, the software giant seized control of web domains it said were being used to infect Windows PCs with malware.

Microsoft stopped traffic reaching the malicious domains but has also inadvertently stopped data reaching many legitimate sites.

The original owner of the domains said Microsoft's action was "heavy-handed".

Court challenge

In a blogpost, Microsoft lawyer Richard Boscovich said it had taken the action against domain administration firm No-IP for its "roles in creating, controlling, and assisting in infecting millions of computers with malicious software".

He said No-IP's infrastructure had been used to spread the Bladabindi and Jenxcus families of malicious programs in 93% of the cases it had seen. Over the past 12 months, he said, Microsoft had detected variants of the two viruses more than 7.4 million times.

The thieves behind the malware could steal data from infected machines, record keystrokes and listen to any sounds taking place around a computer, he said.

Microsoft had taken the legal step of making itself the controller of the 23 domains because No-IP had not done enough to police them, wrote Mr Boscovich. A federal court in Nevada granted Microsoft the right to take over the No-IP domains.

Once it had control of the suspect domains, he said, Microsoft had applied filters so that only "clean" data got through, while data that was helping the malware spread was caught and discarded.

In response, No-IP said Microsoft's action had been "draconian" and had wrongly "affected millions of innocent internet users".

No-IP speculated that Microsoft had underestimated the amount of data traffic flowing towards the domains it was now administering, which had caused service disruptions for many legitimate customers.

"Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate hostnames associated with a few bad actors," wrote No-IP in a statement posted on its site.

It added that Microsoft could have achieved the same end result if it had made more effort to contact No-IP's senior management.

"Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives," it said.

"This heavy-handed action by Microsoft benefits no-one," it added. "We will do our best to resolve this problem quickly."
