Although Vole has worked with the FBI and others to disrupt communication channels between hackers and infected PCs, it rarely acts on its own. This is also the first high-profile case involving malware written by developers outside of Eastern Europe.
The operation began on Monday under an order issued by a federal court in Nevada. Microsoft said the two malware families operated in similar ways and were written and distributed by developers in Kuwait and Algeria.
Microsoft said that it would take days to determine how many machines were infected. Vole's own anti-virus software alone has detected some 7.4 million infections over the past year, and since it is installed on less than 30 percent of the world's PCs, the true figure is likely to be higher.
The developers marketed their malware over social media, including videos on YouTube and a Facebook page, and posted videos demonstrating techniques for infecting PCs.
The court order allowed Microsoft to disrupt communications between infected machines and Reno, Nevada-based Vitalwerks Internet Solutions, whose No-IP dynamic DNS service the infected machines used to find their controllers.
Boscovich said about 94 percent of all machines infected with the two malware families communicate with the hackers through Vitalwerks servers.
Registries will direct suspected malicious traffic to Microsoft servers in Redmond, Washington, instead of to Vitalwerks.
Vole will then filter out communications from PCs infected with the two malware families, as well as from PCs infected with another 194 types of malware that also route their traffic through Vitalwerks, while letting legitimate No-IP traffic through.
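The filtering step amounts to a DNS sinkhole: once the registries point the seized dynamic-DNS zones at Microsoft's name servers, every query for those zones arrives there, and the operator has to answer known command-and-control hostnames with a sinkhole address while still resolving the legitimate customer names that share the same parent domain. The following is an added example of that decision logic, not code from Microsoft, Vitalwerks or No-IP; the zones, hostnames, IP addresses, malware family labels and query-log lines are all constructed for illustration and use reserved documentation address ranges.

```python
"""Toy DNS sinkhole illustrating the selective filtering described above.

Added example; not code from Microsoft, Vitalwerks or No-IP. Every zone,
hostname, IP address, family label and log line below is constructed.
"""
from collections import Counter

# Constructed: dynamic-DNS parent zones whose authoritative DNS has been
# redirected to the sinkhole operator by the registries.
SEIZED_ZONES = {"example-ddns.test", "dyn-host.test"}

# Constructed: hostnames under those zones identified as command-and-control
# for specific malware families, keyed to a made-up family label. In a real
# operation this list comes from the malware analysis behind the court filing.
C2_BLOCKLIST = {
    "updatesvc.example-ddns.test": "family-a",
    "win32-chk.dyn-host.test": "family-b",
    "mediaserver77.example-ddns.test": "family-c",
}

# Constructed: records the dynamic-DNS provider would serve for its
# legitimate customers (a stand-in for the provider's own zone data).
UPSTREAM_RECORDS = {
    "homecam.example-ddns.test": "198.51.100.23",
    "nas-backup.dyn-host.test": "198.51.100.77",
}

SINKHOLE_IP = "192.0.2.10"  # TEST-NET-1; C2 lookups are answered with this


def normalize(name):
    """Canonicalize a DNS name: strip whitespace and trailing dot, lowercase."""
    return name.strip().rstrip(".").lower()


def under(name, parent):
    """True if `name` is `parent` or a proper subdomain of it.

    The leading dot enforces a label boundary, so 'notexample-ddns.test'
    is not treated as part of 'example-ddns.test'.
    """
    return name == parent or name.endswith("." + parent)


def classify(name):
    """Decide what the sinkhole does with one queried name.

    Returns (decision, family):
      ("sinkhole", family)  known C2 host, or a child label of one
      ("forward", None)     legitimate customer name inside a seized zone
      ("not_ours", None)    outside the seized zones; would never reach us
    Child labels of a blocked host are sinkholed too, because under a
    dynamic-DNS provider the same account controls them.
    """
    name = normalize(name)
    if not any(under(name, zone) for zone in SEIZED_ZONES):
        return ("not_ours", None)
    for c2_name, family in C2_BLOCKLIST.items():
        if under(name, c2_name):
            return ("sinkhole", family)
    return ("forward", None)


def resolve(name):
    """Answer an A query the way the sinkhole would; None if no record."""
    decision, _family = classify(name)
    if decision == "sinkhole":
        return SINKHOLE_IP
    if decision == "forward":
        return UPSTREAM_RECORDS.get(normalize(name))
    return None


def summarize(log_lines):
    """Tally decisions over query-log lines of the form
    '<timestamp> <client-ip> <qname> <qtype>'.

    Returns (Counter of decisions, distinct sinkholed clients per family),
    the second of which is the kind of per-family infection count a
    takedown operator reports.
    """
    decisions = Counter()
    clients_by_family = {}
    for line in log_lines:
        _ts, client, qname, _qtype = line.split()
        decision, family = classify(qname)
        decisions[decision] += 1
        if decision == "sinkhole":
            clients_by_family.setdefault(family, set()).add(client)
    return decisions, {f: len(c) for f, c in clients_by_family.items()}


# Constructed query log: two infected clients (one repeating a query with
# odd casing and a trailing dot), one legitimate customer, one off-zone name.
SAMPLE_LOG = [
    "2014-06-30T12:00:01Z 203.0.113.5 updatesvc.example-ddns.test A",
    "2014-06-30T12:00:02Z 203.0.113.5 UpdateSvc.Example-DDNS.test. A",
    "2014-06-30T12:00:03Z 203.0.113.9 cdn.win32-chk.dyn-host.test A",
    "2014-06-30T12:00:04Z 203.0.113.20 homecam.example-ddns.test A",
    "2014-06-30T12:00:05Z 203.0.113.31 notexample-ddns.test A",
]

if __name__ == "__main__":
    counts, per_family = summarize(SAMPLE_LOG)
    print(dict(counts), per_family)
```

The point of the three-way split is the one the article's last paragraph turns on: a sinkhole that answered every name under a seized zone would cut off the provider's legitimate customers, so the operator only redirects names matched against the evidence-backed blocklist and forwards the rest. The label-boundary check in `under` and the normalization of case and trailing dots are the details that most often go wrong in real blocklist matching.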
Vitalwerks and its operational subsidiary No-IP say they have a very strict abuse policy. To be fair, Microsoft has not accused Vitalwerks of involvement in any cybercrime, though it alleges that the company failed to take proper steps to prevent its service from being abused.