Bit-by-bit, Microsoft is hitting back at an international domain-squatting/drive-by-hacking operation by taking over the domains involved.
An unsealed order from US District Court for the Eastern District of Virginia judge Bruce Gerald Lee shows that at the end of June, Redmond gained control of more than 60 domain names registered with the Public Interest Registry, Afilias USA, and VeriSign.
The basis of the lawsuit is that scum and scammers were using domains with Microsoft-like names, presumably so phishing emails from “ms-update.info” would look legit. Rather than wait for law enforcement, Redmond used a trademark and copyright complaint to launch the action.
The John Doe lawsuit doesn't say who Microsoft believes is behind the domains, although the Daily Beast believes they're part of the Russian-backed “Fancy Bear” group.
The offending domains used names like win32support.com, microsoft-updatecdn.com, login-outlook.com and ipv6-microsoft.com, and gave registrant addresses all over the world (including Privacy Protect, a privacy domain reseller that The Australian reported last year was the registrant named for DCleaks.com, a recipient of Hillary Clinton's leaked emails).
Surprisingly, none of the individuals named as owners of the domains responded to court notices sent to them.
As well as ending the domains' life as command-and-control and malware spreaders, the action means infected machines trying to “phone home” are contacting Microsoft instead. That also lets Redmond map the extent of the infections the servers achieved.
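The brand-lookalike domains named above are the kind of thing a defender can flag in their own DNS logs before a sinkhole ever gets involved. The following is an added example, not code from Microsoft or from the court filing: it takes constructed DNS query log lines, marks queries whose registrable domain borrows a Microsoft brand token but sits outside an assumed allowlist of legitimate zones, and tallies distinct clients per flagged domain, a small version of the infection mapping the sinkhole enables.

```python
from collections import defaultdict

# Assumption: a real deployment would load the organisation's vetted list of
# legitimate zones; these four are well-known Microsoft domains.
LEGIT_ZONES = {"microsoft.com", "microsoftonline.com", "outlook.com", "windowsupdate.com"}

# Brand tokens borrowed by the lookalike domains named in the article.
BRAND_TOKENS = ("microsoft", "outlook", "win32", "ms-update")

# Constructed DNS query log lines: "<timestamp> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2017-07-01T10:00:01Z 10.1.2.3 login.microsoftonline.com A
2017-07-01T10:00:02Z 10.1.2.4 microsoft-updatecdn.com A
2017-07-01T10:00:03Z 10.1.2.5 login-outlook.com A
2017-07-01T10:00:04Z 10.1.2.6 cdn.ipv6-microsoft.com A
2017-07-01T10:00:05Z 10.1.2.7 win32support.com A
2017-07-01T10:00:06Z 10.1.2.8 ms-update.info A
2017-07-01T10:00:07Z 10.1.2.4 microsoft-updatecdn.com A
2017-07-01T10:00:08Z 10.1.2.9 www.example.org A
"""

def registrable(qname):
    """Last two labels of a hostname (naive: ignores multi-label public suffixes like co.uk)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_lookalike(qname):
    """True when the name borrows a brand token but is not under an allowlisted zone."""
    reg = registrable(qname)
    if reg in LEGIT_ZONES:
        return False
    return any(token in reg for token in BRAND_TOKENS)

def flag_lookalikes(log_text):
    """Return (client, qname) pairs for every query to a brand-impersonating domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash the scan
        client, qname = parts[1], parts[2]
        if is_lookalike(qname):
            hits.append((client, qname))
    return hits

def clients_per_domain(hits):
    """Map each flagged registrable domain to the number of distinct clients that queried it."""
    seen = defaultdict(set)
    for client, qname in hits:
        seen[registrable(qname)].add(client)
    return {domain: len(clients) for domain, clients in seen.items()}
```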
Under the heading “good luck with that”, the June judgement grants an injunction against the John Does prohibiting them from “undertaking any similar activity that inflicts harm on Microsoft”.
Judge Lee also ordered that “Defendants, Defendants’ representatives, and persons who are in active concert or participation with Defendants are permanently restrained and enjoined from using and infringing Microsoft’s trademarks, trade names, service marks, or Internet Domain addresses or names to carry out the enjoined activity”. ®