Today, Microsoft filed a civil suit against a Dynamic DNS provider in the U.S. (Vitalwerks Internet Solutions, LLC doing business as No-IP.com) and identified two individuals who are believed to have used this DNS provider to spread and control dangerous malware (Bladabindi and Jenxcus) to unsuspecting victims. Bladabindi or Jenxcus was encountered more than 7.4 million times over the past twelve months worldwide.

The two people identified allegedly used social media to flaunt their creation and the dissemination of two well-known types of malware, known by the Microsoft Malware Protection Center (MMPC) as Jenxcus and Bladabindi

What are Jenxcus & Bladabindi?
Jenxcus & Bladabindi are malicious worms that can provide an attacker with access and control of the computer.  The malware is commonly spread by infected removable drives, drive-by-download attacks, or through social engineering. 

Some variants of these worms provide attackers with full control over the infected system.  This includes the ability to capture key strokes, take screen captures, operate the systems' web camera, microphone, add more malicious functionality and more. 

How do you help protect against it?
If you are running Windows Defender on Windows 8, Microsoft Security Essentials or System Center Endpoint Protection the software has detections in place to automatically detect and help remove this threat.  If you think your system has been infected, running Microsoft Safety Scanner can help to identify and remove it. 

If you are interested in learning more about the legal action taken, please read the blog post by our colleagues in the Microsoft Digital Crimes Unit. 

Tim Rains
Director
Trustworthy Computing