Microsoft Takes Action Against Global Cyber Crime
Microsoft Corp launched an operation on Monday in an effort to fight the roots of global cyber crime, targeting the malicious software known as Jenxcus and Bladabindi, which was developed in Algeria and Kuwait.
A Microsoft representative said that this particular malware has resulted in almost 7.5 million infected computers over the past year, that it is the first time they have seen malware this big come from outside Eastern Europe, and that this says a lot about the fast expansion and globalization of cyber crime. The action was taken as a follow-up to an investigation by the Microsoft Malware Protection Center (MMPC), which has been monitoring the Jenxcus and Bladabindi malware families since 2012.
The Explanation Of Jenxcus And Bladabindi Malware Families
For those not aware of the dangers of cyber crime, these malware families are written and distributed with the aim of stealing information stored on your computer, such as your passwords, by installing backdoor trojans. They can also further infect your computer by uploading new components or malware, and their defensive mechanism is to communicate through hosts such as the No-IP service, which makes them more difficult to trace. The malware has dashboards with point-and-click menus that make it possible to steal passwords, listen to conversations, record keystrokes and view the screen of an infected computer in real time.
The Jenxcus and Bladabindi families usually spread by tricking victims into performing an operation that results in infection, with Bladabindi infecting a computer if a user:
- Clicks on a link in a social media message that is malicious.
- Visits a hacked website.
- Opens an email sent by a contact who has previously been infected with the malware.
Bladabindi tries to trick users into running it by having enticing names and icons.
Jenxcus, on the other hand, is usually installed when a user:
- Uses torrents or websites where malware is bundled with other programs and videos.
- Installs a Flash update that is presented as necessary before watching a video, but which is in fact Jenxcus pretending to be an update. This is usually the case on video streaming websites.
Both Jenxcus and Bladabindi were added to the Malicious Software Removal Tool (MSRT) in early 2014, but Microsoft stated that the aggressive nature and distribution methods of these malware families allow them to continue to infect users. An additional concern is that information on downloading and developing unique versions of this malware is available to the general public through public forums and written tutorials.
Actions Taken By Microsoft
The investigation discovered that about 94% of infected machines communicate with hackers through servers from an internet provider based in Nevada (Vitalwerks). Microsoft was allowed to disrupt this communication by redirecting suspicious traffic to its servers in Redmond and to filter out communications with another 194 types of malware. Microsoft stated that it hopes this will be the most successful private effort yet to combat global cyber crime.
Featured image credit: Yuri Samoilov/Flickr