Microsoft Disrupts Jenxcus and Bladabindi Malware Families
Today, following an investigation to which the Microsoft Malware Protection Center (MMPC) contributed, the Microsoft Digital Crimes Unit initiated a disruption of the Jenxcus and Bladabindi malware families.
The operation began on Monday under an order issued by a federal court in Nevada and targeted traffic involving malicious software known as Bladabindi and Jenxcus, which Microsoft said work in similar ways and were written and distributed by developers in Kuwait and Algeria. In the civil case, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software.
The court order allowed Microsoft to disrupt communications between infected machines and Vitalwerks Internet Solutions.
Microsoft has not accused Vitalwerks of involvement in any cybercrime, though it alleges that the company failed to take proper steps to prevent its system from being used for such activities.
These malware families can install backdoor trojans on your computer, which allow criminals to steal your information, such as your passwords, and use your computer to collect other sensitive information. For example, Bladabindi can take snapshots and record videos without your permission. It can also control your system remotely.
These backdoor trojans can also upload new components or malware to your computer to add more malicious functionality. They often communicate with hosts that are typically a Dynamic DNS service such as NO-IP because this makes them more difficult to trace.
The malware families spread primarily through social engineering techniques. For example, Bladabindi can take snapshots and record videos without your permission. It can also control your system remotely. Bladabindi also plants files with enticing names and icons on removable media and linked drives to lure new victims.
Most Jenxcus infections occur through torrents and websites when the malware is bundled with other programs or videos. Jenxcus also tries to trick you into installing it by pretending to be a Flash update that you need to install before watching a video. After infecting a computer, Jenxcus leaves enticing shortcut files on removable media that look like songs or other personal files. When opened these files run a copy of the malware.
The court order allowed Microsoft to disrupt communications between infected machines and Vitalwerks Internet Solutions.
Microsoft has not accused Vitalwerks of involvement in any cybercrime, though it alleges that the company failed to take proper steps to prevent its system from being used for such activities.
These malware families can install backdoor trojans on your computer, which allow criminals to steal your information, such as your passwords, and use your computer to collect other sensitive information. For example, Bladabindi can take snapshots and record videos without your permission. It can also control your system remotely.
These backdoor trojans can also upload new components or malware to your computer to add more malicious functionality. They often communicate with hosts that are typically a Dynamic DNS service such as NO-IP because this makes them more difficult to trace.
The malware families spread primarily through social engineering techniques. For example, Bladabindi can take snapshots and record videos without your permission. It can also control your system remotely. Bladabindi also plants files with enticing names and icons on removable media and linked drives to lure new victims.
Most Jenxcus infections occur through torrents and websites when the malware is bundled with other programs or videos. Jenxcus also tries to trick you into installing it by pretending to be a Flash update that you need to install before watching a video. After infecting a computer, Jenxcus leaves enticing shortcut files on removable media that look like songs or other personal files. When opened these files run a copy of the malware.