The US District Court for the Eastern District of Virginia on Friday granted Microsoft Corporation (Microsoft) a temporary restraining order (TRO) requiring domain registrars to disable service on the malicious “homoglyph” domains identified in Appendix A to Microsoft’s complaint. Microsoft confirmed receipt of the order on Monday.
The court further ordered the domain registrars to place the domains on “client hold status” and to take all necessary steps to prevent access, modification, or transfer of the domains until their respective expirations.
Microsoft filed a complaint in federal court earlier this month after it uncovered suspicious cybercriminal activity targeting its customers. Microsoft’s internal investigation found that the unnamed criminal group created 17 malicious domains, which, together with stolen customer credentials, were used to hack into and monitor Office 365 accounts in an attempt to defraud its customers.
Much like phishing, homoglyph domains exploit the visual similarity of certain letters to deceive unwary internet users into believing that a site is legitimate. An example would be the use of the lowercase “L” in place of the uppercase “I,” as in “MICROSOFT.COM” versus “MlCROSOFT.COM.”
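The following is an added example, not part of the article or of Microsoft’s filing: a defensive check that flags candidate domains whose look-alike-normalized form collides with a protected domain, including names registered in punycode (xn--) form. The confusable table, function names and sample domains are constructed assumptions; only the MlCROSOFT.COM spelling comes from the article.

```python
import unicodedata

# Constructed, deliberately small look-alike table (assumption: a production
# check would use a fuller source such as Unicode's confusables data).
SINGLE = {"l": "i", "1": "i", "0": "o",
          "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
          "\u0441": "c", "\u0440": "p", "\u0456": "i"}   # Cyrillic s, r, i
MULTI = {"rn": "m", "vv": "w"}

def to_unicode(domain):
    """Decode punycode (xn--) labels so Unicode look-alikes become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode

def skeleton(domain):
    """Reduce a domain to a canonical form in which look-alikes collide."""
    text = unicodedata.normalize("NFKC", to_unicode(domain)).lower()
    for seq, repl in MULTI.items():
        text = text.replace(seq, repl)
    return "".join(SINGLE.get(ch, ch) for ch in text)

def find_lookalikes(candidates, protected):
    """Return (candidate, imitated) pairs for domains imitating a protected one."""
    index = {skeleton(p): p.lower() for p in protected}
    hits = []
    for cand in candidates:
        target = index.get(skeleton(cand))
        # Same skeleton but a different spelling means a look-alike.
        if target and to_unicode(cand).lower() != target:
            hits.append((cand, target))
    return hits

# Constructed sample input; only the MlCROSOFT.COM spelling is from the article.
PROTECTED = ["microsoft.com"]
SAMPLE = [
    "MICROSOFT.COM",                               # legitimate, different case
    "MlCROSOFT.COM",                               # lowercase L for uppercase I
    "rnicrosoft.com",                              # "rn" read as "m"
    "micros\u043eft.com".encode("idna").decode(),  # Cyrillic o, in xn-- form
    "example.org",                                 # unrelated
]

if __name__ == "__main__":
    for cand, target in find_lookalikes(SAMPLE, PROTECTED):
        print(f"{cand!r} imitates {target}")
```
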
Looking at the evidence set forth in Microsoft’s brief in support of its motion for the TRO, Judge Rossie Alston Jr. concluded:
There is good cause to believe that Defendants have engaged in and are likely to engage in acts or practices that violate the Computer Fraud and Abuse Act under 18 USC § 1030 [and other federal and state statutes]…unless Defendants are restrained and enjoined by Order of this Court, immediate and irreparable harm will result…Microsoft is likely to prevail on its claim that Defendants have engaged and are likely to engage in violations…good cause and the interest of justice require that this Order be granted without prior notice to Defendants.
The court noted that Microsoft’s request for emergency ex parte relief in this instance was not due to a lack of due diligence on its part but was based upon the “nature of defendant’s unlawful conduct,” and relieved Microsoft of the duty to provide defendants with prior notice of Microsoft’s motion for the TRO.
This is not the first time Microsoft has secured such an order to combat cybercrime, which research shows affected 71% of businesses in 2021. Last year, a court granted Microsoft’s request to seize and take control of malicious domains used in a large-scale cyberattack affecting victims in 62 countries with spoofed COVID-19 emails.