back to article Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5

Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks. The Windows giant obtained an order from US courts allowing it to seize domains being used for phishing, having first spotted the miscreants doing their thing in December 2019. “Microsoft’s Digital Crimes Unit (DCU …

  1. David 132 Silver badge
    Happy

    That much downtime?

    Article headline at the time of writing this: amid web app attacks against Office 265

    Now, I know they've had a lot of downtime, and I've variously heard it referred to as Office 364, Office 360 and so on, but a whole 100 days? At that point, probably safer to host your data on a stack of knockoff Chinese 5.25" floppy disks held onto your fridge with a magnet.

    Yeah yeah, I should use the "Send a correction" link, but this was too funny not to call out!

    1. Steve Foster
      Thumb Up

      Re: That much downtime?

      Given the frequency with which all the cloud services like to go TITSUP, I'd say 265 is probably about right.

    2. diodesign (Written by Reg staff) Silver badge

      Re: That much downtime?

      Just assume any value after Office is correct. I'd ask our tech team to make an automatic randomzier for the headline but they seem rather busy on actual functionality.

      PS: corrections@theregister.com works well for any typo :p

      C.

      1. Dan 55 Silver badge

        Re: That much downtime?

        Why not tag every Office downtime story with a certain tag and, if an article carries this tag, subtract the number of articles this year with this tag from 365 and replace the string "365" in the headline with this number.

        Unfair, probably. Enlightening and funny, certainly.

        1. David 132 Silver badge
          Thumb Up

          Re: That much downtime?

          It depends how well El Reg’s CMS handles 64-bit negative numbers...

  2. Anonymous Coward
    Anonymous Coward

    Microsoft’s Digital Crimes Unit (DCU)

    Is this a real thing? Can we watch it on Netflix?

    1. Anonymous Coward
      Anonymous Coward

      Re: Microsoft’s Digital Crimes Unit (DCU)

      sounds rather like the BBC's very own "BBC Disinformation Unit".

    2. Dan 55 Silver badge

      Re: Microsoft’s Digital Crimes Unit (DCU)

      Yes.

      1. Rafael #872397
        Coffee/keyboard

        Re: Microsoft’s Digital Crimes Unit (DCU)

        Jeez, that link is like a rick roll for IT people. I almost clicked on the "report abuse" link.

  3. Steve Foster
    FAIL

    Something about motes and beams...

    ...it'd be nice if they could stop the silly DoS crap originating from some of their *.outbound.protection.outlook.com servers.

    Stuff like this, where they just connect and then drop the connection over and over:

    07/07/2020 13:04:41 - ( 2911) EHLO GBR01-LO2-obe.outbound.protection.outlook.com

    07/07/2020 13:04:41 - ( 2911) 250-Welcome, mail-lo2gbr01lp2055.outbound.protection.outlook.com [104.47.21.55], pleased to meet you

    07/07/2020 13:04:41 - ( 2911) 250-AUTH=LOGIN

    07/07/2020 13:04:41 - ( 2911) 250-AUTH LOGIN

    07/07/2020 13:04:41 - ( 2911) 250-SIZE 20971520

    07/07/2020 13:04:41 - ( 2911) 250-ETRN

    07/07/2020 13:04:41 - ( 2911) 250 HELP

    07/07/2020 13:04:41 - ( 2911) Error: [10054] Connection reset by peer

    1. DJV Silver badge
      Happy

      Re: Something about motes and beams...

      Are those dates in American MM/DD/YYYY format or UK DD/MM/YYYY format?

      Enquiring minds etc....

      1. doublelayer Silver badge

        Re: Something about motes and beams...

        "Are those dates in American MM/DD/YYYY format or UK DD/MM/YYYY format?"

        Yes, indeed they are.

        Sorry. I thought the question deserved that answer. I'll go now.

        1. veti Silver badge

          Re: Something about motes and beams...

          Though it could be the Molvanian MD/DM/YYYY...

    2. This post has been deleted by its author

    3. joesomeone Bronze badge
      Boffin

      Re: Something about motes and beams...

      Maybe the sender's send connector enforces TLS.

      Given the DNS PTR naming convention, it looks like this might be part of their low-quality/SRS IP pool. At least that's what I gather from reading the tea leaves.

      But it doesn't sound like you're missing anything important, nevertheless. :)

      1. Steve Foster

        Re: Something about motes and beams...

        Other [genuine] email from MS servers comes through ok, so I don't think it's TLS-related (though it's a good thought).

        And even if MS did want to only transmit over TLS, their servers should end the conversation cleanly with QUIT, not just drop the connection.

        Mostly, it's their hypocrisy that peeves me.

        1. joesomeone Bronze badge

          Re: Something about motes and beams...

          That is O365, so Microsoft has a baseline configuration for send connectors, but their tenants are free to do whatever they want, including enforcing TLS for one or all destination domains or relays, so on and so forth.

          It is unfortunate that they don't execute a QUIT either and instead allow the socket to age out.

    4. Ken Moorhouse Silver badge

      Re: 07/07/2020 13:04:41 - ( 2911) 250-SIZE 20971520

      They've repurposed the term "bulk email" by the look of it.

      1. Steve Foster

        Re: 07/07/2020 13:04:41 - ( 2911) 250-SIZE 20971520

        That's my server announcing that email of up to 20MB will be accepted.

        That seems like a reasonable limit in the modern world - not too small to interfere with normal traffic, not too big to choke the server.

        IME, the UCE that does get through actually tends to be quite small (well below that 20MB limit) - it's not often that junk comes with huge attachments.

  4. Pascal Monett Silver badge

    Don't worry, Borkzilla

    This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface "

    No problem here, I don't have a Borkzilla account, so there's nothing to phish.

    You see, I have an innate distrust of anything that tries to tie me into its universe. That's why I don't have a YouTube account, or a FaceBook account, or an Office x65 account. I fail to see why I should give you all the details of my comings and goings on the Internet, since it's none of your clucking business.

    1. Snake Silver badge

      Re: Don't worry, Borkzilla

      And instead of fixing the real problem - since WHEN it is OK to allow changes to an account without expressly demanding a login to said account? - they go after the miscreant.

      Go after that horse, don't even bother to worry about that barn door, says Microsoft.

  5. Claverhouse Silver badge
    Pirate

    Things to Come

    Quite apart from it being Microsoft, possibly the most ethical corporation in Hades, who else feels disquiet at any company on earth having it's own 'Crimes Unit ?

    Like those American Railroads having their own police back in the day --- though even then they had the cover of municipal badges, given by compliant local authorities; whilst ordinary tycoons had the decency at least to hire Pinkertons and other private muscle [ including US soldiers ] whenever they wanted workers beaten, killed or machine-gunned along with their family members in the Land of the Free.

    Personal police forces are a bad idea.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021