Earlier this week, Microsoft filed a civil suit against a Dynamic DNS provider in the U.S. (Vitalwerks Internet Solutions, LLC doing business as No-IP.com) and identified two individuals who are believed to have used this DNS provider to spread and control dangerous malware (Bladabindi and Jenxcus) to unsuspecting victims. Bladabindi or Jenxcus was encountered more than 7.4 million times over the past twelve months worldwide.
The two people identified allegedly used social media to flaunt their creation and the dissemination of two well-known types of malware, known by the Microsoft Malware Protection Center (MMPC) as Jenxcus and Bladabindi.
As a result, the company succeeded in grabbing temporary control of 23 internet domain names from a company called Vitalwerks Internet Solutions, based in Reno, Nevada.
Vitalwerks, which offers what are known as dynamic Domain Name System (DNS) services, is much better known by its trading name, no-ip.
Microsoft convinced the court that no-ip’s free dynamic DNS domains were home to at least 18,000 server names in active use by zombie malware, or bots.
Redmond even named two of the most common bots that allegedly use no-ip as part of their infrastructure, together with the men they claim run those bots.
Indeed, Naser al Mutairi, allegedly running the Bladabindi malware as a business out of Kuwait, and Mohamed Benabdellah, alleged author of the Jenxcus malware out of Algeria, are explicitly named as defendants in the court documents, along with Vitalwerks.
The long story short, of course, is that temporarily taking over no-ip’s free dynamic DNS domains didn’t just nobble the 18,000 hostnames that helped Bladabindi (Sophos name: Troj/BBdindi-A) and Jenxcus (Sophos name: VBS/Autorun-CAI) do their dirty work.