Microsoft's "draconian" No-IP takedown hits millions

Microsoft's latest security threat takedown has caused outages for millions, says its target No-IP

Nicole Kobie
1 Jul 2014

Microsoft's latest cybercrime takedown has targeted a legitimate firm, leading to collateral damage as millions using dynamic DNS are hit by outages.

Microsoft has lately worked with policing authorities and other tech firms around the world to take down the command-and-control servers targeting internet users with malware and spam.

The company's latest target is No-IP.com, which gives users a hostname for their router, to make remote connections easier. The dynamic DNS service is entirely legal, but Microsoft claims its weak security has allowed it to be used to spew malware - a charge No-IP denies, calling Microsoft's action "draconian".

"We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware," said Richard Domingues Boscovich, assistant general counsel at Microsoft's Digital Crimes Unit, in a Microsoft blog post.

Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors

Microsoft argues that No-IP's free dynamic Domain Name Service is being abused and, though No-IP is not directly to blame, Microsoft claimed that 93% of Bladabindi-Jenxcus infections come via No-IP domains.

"Of the ten global malware disruptions in which we’ve been involved, this action has the potential to be the largest in terms of infection cleanup," said Boscovich.

"Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity," he said.

Microsoft received court permission to take over No-IP, and is now the DNS authority for its free domains, letting it track threats and take out malicious sites.

No contact

No-IP protested that Microsoft hadn't contacted it before seizing its domains, an act the dynamic DNS firm called "heavy-handed".

"We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us," marketing manager Natalie Goguen said in a post on the No-IP website. "Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives."

No-IP added that Microsoft has said it's only filtering out bad hostnames, and allowing legitimate ones to resolve - but claimed that "this is not happening".

"Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers," she said. "Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent internet users."

Christopher Soghoian, principal technologist at the ACLU, said over Twitter that "Microsoft's lawyers have a track record in shooting first and asking questions later".
