Microsoft takes on global cybercrime epidemic in tenth malware disruption

The following post is from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.


Playing offense against cybercriminals is what drives me and everyone here at the Microsoft Digital Crimes Unit. Today, Microsoft has upped the ante against global cybercrime, taking legal action to clean up malware and help ensure customers stay safer online. In a civil case filed on June 19, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.

We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic.

Free Dynamic DNS is an easy target for cybercriminals

Dynamic Domain Name Service (DNS) is essentially a method of automatically updating a listing in the Internet’s address book, and is a vital part of the Internet. However, if not properly managed, a free Dynamic DNS service like No-IP can hold top-rank among abused domains. Of the 10 global malware disruptions in which we’ve been involved, this action has the potential to be the largest in terms of infection cleanup. Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains. Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers. Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity.

For a look at how cybercriminals leverage services like No-IP, and advice for customers to help ensure a safer online experience, please see the graphic below.

Microsoft legal and technical actions

On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats. The new threat information will be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Computer Emergency Response Teams (CERTs) to help repair the damage caused by Bladabindi-Jenxcus and other types of malware. The Microsoft Digital Crimes Unit worked closely with Microsoft’s Malware Protection Center to identify, reverse engineer and develop a remedy for the threat to clean infected computers. We also worked with A10 Networks, leveraging Microsoft Azure, to configure a sophisticated system to manage the high volume of computer connections generated by botnets such as Bladabindi-Jenxcus.

As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online. Meanwhile, we will continue to take proactive measures to help protect our customers and hold malicious actors accountable for their actions.

This is the third malware disruption by Microsoft since the November unveiling of the Microsoft Cybercrime Center—a center of excellence for advancing the global fight against cybercrime. This case and operation are ongoing, and we will continue to provide updates as they become available. To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter. Microsoft provides free tools and information to help customers clean and regain control of their computers at www.microsoft.com/security.

Can you run Windows Server 2012 R2 on Windows Server 2008 R2?

I have been asked this question a couple of times recently.  The odd thing, to me anyway, is that most of the people who have asked me have stated:

I read this article: http://msdn.microsoft.com/en-us/library/cc794868(v=ws.10).aspx about supported guest operating systems for Windows Server 2008 R2, and did not see Windows Server 2012 R2 listed.  Is it supported?

The answer is – no.  That is why it is not listed.

Generally speaking, we make sure that we support the release immediately after the host operating system (i.e. 2012 on 2008 R2, 2012 R2 on 2012, etc…). But we do not go beyond that.

If you really want to run Windows Server 2012 R2 in a virtual machine – I highly recommend that you upgrade your host first.  Besides which, there are so many great new features in Hyper-V in Windows Server 2012 and 2012 R2 that you should want to take advantage of!

Cheers,
Ben

Microsoft takes on global cybercrime epidemic in tenth malware disruption

Editor’s Note: This blog post was updated with the following new information at 8 a.m. on July 9:

On Monday, June 30, Microsoft filed a civil suit in a Nevada federal court to disrupt Bladabindi-Jenxcus, a pervasive family of malware that put millions of customers at risk.

Today both Microsoft Corporation and Vitalwerks Internet Solutions, LLC announce they have reached a settlement in the matter of Microsoft Corporation v. Mutairi, et al.

Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks’ services.

Microsoft identified malware that had escaped Vitalwerks’ detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.

In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.

The following post from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit, was originally published on June 30:


Playing offense against cybercriminals is what drives me and everyone here at the Microsoft Digital Crimes Unit. Today, Microsoft has upped the ante against global cybercrime, taking legal action to clean up malware and help ensure customers stay safer online. In a civil case filed on June 19, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.

We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic.

Free Dynamic DNS is an easy target for cybercriminals

Dynamic Domain Name Service (DNS) is essentially a method of automatically updating a listing in the Internet’s address book, and is a vital part of the Internet. However, if not properly managed, a free Dynamic DNS service like No-IP can hold top-rank among abused domains. Of the 10 global malware disruptions in which we’ve been involved, this action has the potential to be the largest in terms of infection cleanup. Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains. Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers. Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity.

For a look at how cybercriminals leverage services like No-IP, and advice for customers to help ensure a safer online experience, please see the graphic below.

Microsoft legal and technical actions

On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats. The new threat information will be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Computer Emergency Response Teams (CERTs) to help repair the damage caused by Bladabindi-Jenxcus and other types of malware. The Microsoft Digital Crimes Unit worked closely with Microsoft’s Malware Protection Center to identify, reverse engineer and develop a remedy for the threat to clean infected computers. We also worked with A10 Networks, leveraging Microsoft Azure, to configure a sophisticated system to manage the high volume of computer connections generated by botnets such as Bladabindi-Jenxcus.

As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online. Meanwhile, we will continue to take proactive measures to help protect our customers and hold malicious actors accountable for their actions.

This is the third malware disruption by Microsoft since the November unveiling of the Microsoft Cybercrime Center—a center of excellence for advancing the global fight against cybercrime. This case and operation are ongoing, and we will continue to provide updates as they become available. To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter. Microsoft provides free tools and information to help customers clean and regain control of their computers at www.microsoft.com/security.

Schools choosing Microsoft to help bring the digital transition to life

REDMOND, Wash., June 29, 2014

On Sunday, at the International Society for Technology in Education (ISTE) conference, Microsoft Corp. announced that the Pasadena Independent School District (ISD) in Texas is adding to the growing momentum of schools choosing Microsoft technology and resources to help transform the student learning experience in the classroom. After a two-year pilot at schools around the district, Pasadena ISD will give students and teachers 12,900 Dell Venue 11 Pro Tablets with Windows 8.1 and Microsoft Office 365 with OneNote. A primary consideration in the district’s decision was the innovative digital inking technology available in Windows 8.1 that is brought to life with OneNote and a touchscreen device like the Dell notebook.

“There is a massive transition to digital happening across the country and around the world in education, and schools looking to prepare their students for the world beyond the classroom are empowering their students and teachers by providing devices, services, training and other elements needed for improved student outcomes,” said Margo Day, vice president of U.S. education at Microsoft. “At Microsoft, we are proud to be a partner with so many great schools that are leading the way forward for education and in preparing our youth for tomorrow’s workforce.”

After carefully evaluating its device options, Pasadena ISD concluded that the inking capabilities in Windows 8.1, combined with the power of OneNote, gave students and teachers the most engaging experience possible. The district originally looked at a Windows 7-based netbook, but when it saw how digital inking on a tablet can duplicate the pen-and-paper experience, it captured people’s imaginations. The district saw the possibilities for things like real-time note taking, art projects and annotations, and determined that was the best option for students.

Pasadena joins a growing list of schools around the country that have recently chosen Microsoft devices and services to help bring technology and Microsoft YouthSpark resources into the classroom to improve student outcomes and opportunities, including the following:

  • Baltimore County Public Schools (BCPS). As part of Baltimore County Public Schools’ Students & Teachers Accessing Tomorrow (S.T.A.T.) initiative, the district is rolling out 150,000 HP Elitebook 810 Revolve devices running Windows 8.1 to all students and teachers over the next four years. The initiative is aimed at fundamentally shifting teaching and learning in the district. Also, through the Microsoft Student Advantage offer, the district, which is already providing Microsoft Office to faculty and staff, will also offer the productivity suite to students at no additional cost. BCPS has developed a thoughtful approach to all the critical components to an effective one-to-one computing (1:1) initiative that also includes ongoing training for educators. Its curriculum offices are currently developing a framework and template for use in BCPS One, the new digital portal for curriculum and instruction, assessments, student data, reporting, and analysis.

  • Bureau of Indian Education. In support of President Obama’s ConnectED Initiative and to accelerate the speed at which students in Bureau of Indian Education schools in the U.S. experience the benefits of a move to digital environments, Microsoft is working with Verizon Wireless to bring 10 tribal K–12 schools to digital 1:1 environments, which will include digital textbooks, content filtering and device management. The devices provided as part of the initiative are Nokia Lumia 2520 tablets. Data plans, network build-out, and appropriate educator and student training are included in the agreement. Build out of the network and implementation will take place in the coming months.

  • Chester County School District. This South Carolina district is in a close-knit, rural community, yet the school district also wanted to ensure that its young people had a global perspective. The district worked with local Internet providers to create Wi-Fi hotspots in strategically placed locations, such as parks and libraries, and provided students with Windows 8 devices. The devices were selected based on the district’s education priorities, a long battery life and durability.

  • Cincinnati Country Day School (CCDS). One of the first schools in the nation to go 1:1 in 1996, CCDS has been on the cutting edge of the digital transition for a long time. The school is now deploying Microsoft Surface Pro 3 devices for its students in grades 5–12 and faculty. According to the school, these devices meet all three critical elements for technology in the classroom: the importance and value of reading and writing to the way students learn; the school’s focus on the creative process; and tools that are versatile enough to support a variety of projects and experiments, regardless of subject.

  • Fresno Unified School District (FUSD). The fourth-largest district in California with 75,000 students is currently rolling out 15,000 ASUS Transformer T100 devices running Windows 8.1 to third through eighth graders. The district chose the Windows platform to meet Smarter Balanced Assessment Consortium’s requirements for testing and the district’s Bring Your Own Device (BYOD) vision.

  • Houston Independent School District (HISD). The largest school district in Texas and seventh-largest in the U.S., HISD purchased Microsoft solutions to help it improve student outcomes, solve privacy concerns and amend manageability worries that plague many other education technology implementations. Microsoft Office 365 and HP Elitebook Folio 9470m Ultrabooks running Windows are helping to support HISD’s more than 14,000 students and 1,200 teachers in the first phase of its PowerUp initiative to transform how teachers teach and how students learn.

  • Leon County Schools. The Florida district has been deploying Windows 8.1 devices to its 34,000 students, allowing them to keep the business-class tools already in use today and provide maximum flexibility for both elementary and high school levels.

  • Miami-Dade County Public Schools (M-DPS). The nation’s fourth-largest school district initiated its digital convergence project, rolling out 150,000 HP devices running Windows 8.1, with tablets for seventh-grade civics and ninth-grade world history classes, and laptops at the elementary level. In addition, more than 10,000 interactive boards will be added to classrooms across the district, and all 350,000 students will receive Microsoft Office Professional Plus for free as part of Microsoft Student Advantage. One-third of MDCPS schools will also be Microsoft IT Academy schools, receiving specific IT skills training and certification testing. Finally, the first wave of M-DPS teachers have begun training with Microsoft Expert Educators.

  • West Virginia. West Virginia Department of Education, as part of a statewide agreement, is allowing all its public schools to upgrade to Windows 8.1, as well as providing Office 365 and Office 365 ProPlus to students, teachers and staff, resulting in lower costs and broader access for schools and families in the state.

This digital transition is not just happening in the U.S., but also in schools around the world where technology is empowering students. In Thailand, for example, the Office of the Basic Education Commission recently signed a memorandum of understanding that will provide all 8 million students and 400,000 teachers in the country with access to Microsoft Office 365 for Education.

About Microsoft in Education

Microsoft is deeply committed to working with governments, communities, schools and educators to use the power of information technology to deliver technology, services and programs that provide anytime, anywhere learning for all. Since 2003, Microsoft has partnered with educators to impact more than 207 million students in 119 countries. Through TEACH.Org, Microsoft and other partners, candidates are provided with free access to the online tools and resources necessary to pursue a career in teaching. For more information: http://www.microsoft.com/education.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services, devices and solutions that help people and businesses realize their full potential.

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.

Microsoft announces quarterly earnings release date and upcoming event for the financial community

REDMOND, Wash. — Jan. 3, 2014 — Microsoft Corp. will publish fiscal year 2014 second-quarter financial results after the close of the market on Thursday, Jan. 23, 2014 on the Microsoft Investor Relations Web site at http://www.microsoft.com/investor/. A live webcast of the earnings conference call will be made available at 2:30 p.m. Pacific Time on the Microsoft Investor Relations Web site at http://www.microsoft.com/investor/.

The company will also participate in the following event for the financial community:

JP Morgan Tech Forum at CES 2014

Tuesday, January 7, 2014
12:45 p.m. PT
Bill Duff, chief financial officer, Operating Systems

Interested parties can listen to a webcast of these events on the Microsoft Investor Relations Web site at http://www.microsoft.com/investor/.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

For more information, financial analysts and investors only:

Investor Relations, Microsoft, (425) 706-4400

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/news/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. Shareholder and financial information is available at http://www.microsoft.com/investor/.