Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Microsoft Security The Internet

Microsoft Seizes Six Domains Used in COVID-19 Phishing Operations (zdnet.com) 26

Posted by msmash from the how-about-that dept.
Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures. From a report: According to court documents obtained by ZDNet, Microsoft has targeted a two-person phishing operation that has been targeting the company's customers since December 2019. The duo operated by sending emails to companies that hosted email servers and enterprise infrastructure on Microsoft's Office 365 cloud service. The emails were spoofed to look like they came from fellow employees or a trusted business partner. This particular phishing operation was unique because attackers didn't redirect users to phishing sites that mimicked the Office 365 login page. Instead, hackers touted an Office document. When users tried to open the file, they were redirected to install a malicious third-party Office 365 app created by the hackers.
This discussion has been archived. No new comments can be posted.

Microsoft Seizes Six Domains Used in COVID-19 Phishing Operations More

Microsoft Seizes Six Domains Used in COVID-19 Phishing Operations

Comments Filter:

  • I don't get it... (Score:5, Funny)

    by frank_adrian314159 ( 469671 ) on Tuesday July 07, 2020 @12:22PM (#60271436) Homepage

    How could a hacker come up with a program more malicious than Office 365?

    • Businesses like Government... really hates competition. They get even more bent if you are using flaws in their product to gain personally... big no no! It's only okay for them to game the system... not you!

      • Re: (Score:2)

        by whitroth ( 9367 )

        I see, so you run malware, and are a crook, conning less-knowlegable people, mostly who can't afford it, out of money.

    • Re: (Score:2)

      by jmccue ( 834797 )
      You need to ask ? It is the same people who came up with Windows with 10 being the "piste de resistance".

  • What is so hard about ignoring an attachment or a link in an email until you get confirmation from the sender that it is indeed legit. It's like moths to a flame it seems. I would like to understand the psychology of why people feel compelled to open something they are unsure about.

  • Isn't phishing illegal? Shouldn't the Feds be taking care of this problem? Or the Feds working in concert with foreign authorities in case the domains are registered to foreign parties? The article doesn't mention the location of the two-person phishing team . . .

    • I hate to break this news to you, but the federal government isn't particularly effective - it's not designed to be, and it shouldn't be.

      You may wonder why I say it's not designed to be. Even at first glance, you'll notice it's designed to require three separate bodies, the house, Senate, and White House, to go through their process and agree on a course of action before the federal government does anything. Contrast for example North Korea, where one guy makes the decision and that's it, it's done. The

      • I think its a major disservice that people aren't taught this in school. But then again the public schools are run by that same intentionally ineffective government so it shouldn't come as a surprise to anyone the public schools suck.

      • Re: (Score:2)

        by PPH ( 736903 )

        The US federal government is designed to be fair and accountable, not effective, fast, or efficient

        Of course, we could always elect a President and majority in both branches of the legislature from the same party. And then let the party leadership [wikimedia.org] run the country quickly and efficiently.

        A bit of Keystone Cops in the government is a good thing, IMO. It keeps them in check, keeps the population aware that they are largely responsible for themselves. And it makes a fun show with a beer and bowl of popcorn.

        • There will always people who want to tell everyone else what to do.

          The system of passing laws by debate in the House, then on to the Senate, then back to the House, one more trip to the Senate, and then on to the president, who may send it back to the house, is a good way to keep the bossy people busy without them affecting the rest of us TOO much.

      • Jurisdiction is jurisdiction. Just because the FBI or whoever is (or should be) tasked with dealing with this problem is ineffective in contacting some domain registrars and getting them to pull due to illegal activity, doesn't mean that a court should deputize Microsoft to carry out a domain seizure.

        • The federal district court has jurisdiction over this, and that's where Microsoft filed the action.

          I think maybe what you're thinking of is standing rather than jurisdiction.

          Either that or you've momentarily forgotten that civil law, lawsuits, exist and you're thinking crimes are the only law there is. If I punch you in the face, you can sue me. It's ALSO the crime of assault and I could be arrested; those are two separate consequences in two separate courts.

          So the next question is standing - Microsoft can

          • I'm aware that civil law is a thing. But using civil law as a remedy here seems really nuts.

            MS is doing law enforcement's job via domain seizure when it should have been the Feds that notified the registrar of illegal activity and either a). forced the registrar to terminate the domain registrations and issued a warrant to obtain information on whoever registered the domain or b). in the case of foreign activity, well actually then it gets more complicated because treaties blah blah blah you get the pictur

            • Sure the FBI could have acted, perhaps should have acted.

              Given that they didn't, I see no problem with Microsoft enforcing their trademarks - somebody was using Microsoft trademarks to fool consumers into thinking the file was produced or endorsed by Microsoft, so that's squarely in the realm of trademark law.

    • Re: (Score:1)

      by Anonymous Coward

      [...] The article doesn't mention the location of the two-person phishing team . . .

      My guess would be Yakima, WA.

    • No, phishing is not illegal.

  • Obligatory... (Score:1)

    by Anonymous Coward
    Fuck Microsoft and the office 365 it rode in on. Now, back to my beer.

  • Since the domains in question don't outright violate any Microsoft-owned trademark, how is it Microsoft gets to seize them? MS is not a government agency. They didn't have their trademarks or copyrights violated. If anyone was going to seize them, shouldn't that be the Feds? Fuck the phishers, but this doesn't seem like the appropriate response. I could perhaps see it if the domains were some variation of microsoft.com or something, but Microsoft doesn't own the term "office" in the general sense.

    • The domains might not violate the trademark but the contents of the emails etc do which in effect is what they seem to have argued.

    • If I punch you in the face, you can sue me and take my money. If I don't pay the money as ordered by the court, and I own four cars, you can go back to court and have the sheriff come take one of my cars.

      The money didn't punch you in the face. But if I did, you can take my money. The car didn't punch you un the face, but you can take it because the owner punched you in the face.

      I've explained more here:
      https://slashdot.org/comments.... [slashdot.org]

Slashdot Top Deals

Dynamically binding, you realize the magic. Statically binding, you see only the hierarchy.

Close