Microsoft moves to disrupt Middle East malware op
Malware made in Kuwait, Algeria, is ‘biggest-ever’ outside East Europe, says Redmond cyber-sec unit
Microsoft Corp's cyber-security wing yesterday initiated a court-sanctioned operation to disrupt malware networks it claims are controlled from Algeria and Kuwait, Reuters reported.
The action was authorised by the US District Court in Nevada on 19 June and marks the first high-profile case involving malware architects from countries outside Eastern Europe, according to Richard Domingues Boscovich, assistant general counsel of Microsoft's Digital Crimes Unit. Boscovich's team has disrupted nine other malware networks over the past five years, all of which were based in Eastern Europe.
"We have never seen malware coded outside Eastern Europe that is as big as this," said Boscovich. "This really demonstrates the globalisation of cybercrime."
The investigation will concentrate on two malicious packages named Bladabindi and Jenxcus, which have similar designs and are thought to have been written in Kuwait and Algeria.
According to the court filings, both packages offer dashboard-style control interfaces and capabilities including remote real-time monitoring of the infected computer, keystroke logging, password theft and audio eavesdropping.
The court order directs that suspicious traffic be redirected to Microsoft servers from those of Vitalwerks Internet Solutions, a service provider based in Reno, Nevada, US. Microsoft's cyber-security team believes that as much as 94% of machines infected by Bladabindi and Jenxcus communicate with their command-and-control servers through Vitalwerks' infrastructure.
While Microsoft's anti-virus software resides on only 30% of the world's PCs, Boscovich said it had recorded 7.4m infections in the past year, indicating that the malware packages have spread on a large scale.