Service blamed for enabling trojan and malware distribution.
Microsoft has taken control of domains owned by dynamic DNS provider No-IP after obtaining a federal court order against the company over its role in spreading malware to millions of computers.
The computing giant claims that No-IP's parent company Vitalwerks has been enabling cybercriminals from Kuwait and Algeria to distribute the trojan Bladabindi and the worm Jenxcus through improper management of the service.
Richard Domingues Boscovich, assistant general counsel at Microsoft's Digital Crimes Unit, said: "Of the 10 global malware disruptions in which we've been involved, this action has the potential to be the largest in terms of infection cleanup.
"Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93% of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains."
On June 19 Microsoft filed for a temporary restraining order against No-IP in a US District Court in Nevada. The order was granted a week later, giving Microsoft control over No-IP's 23 free domains.
Since the ruling, Microsoft says it has identified bad traffic and routed it into its "sinkhole" (a resolver under Microsoft's control that answers queries for the malicious hostnames, so infected machines connect to Microsoft rather than to the attackers), collecting information to help it clean up the damage caused by Bladabindi and Jenxcus.
Natalie Goguen, marketing manager at No-IP, said: "[Microsoft] claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening.
"Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors."
She admitted that No-IP's service does "occasionally fall prey" to cybercriminals, but denounced the "heavy handed" and "draconian actions" of Microsoft. She added that before the takedown Microsoft had not been in contact with No-IP or asked it to block any of its subdomains.
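The dispute above turns on one piece of resolver logic: once a whole zone has been seized, a sinkhole is supposed to answer only the known-bad hostnames with its own address and let every other hostname under that zone resolve to the registrant's real record, while logging which verdict each query received. The following is an added example of that selective policy, written for this page; it is not Microsoft's or No-IP's code, and every zone name, hostname and address in it is constructed for illustration (the sinkhole address is a TEST-NET placeholder, and the `upstream` callable stands in for the registrants' real records).

```python
"""Selective DNS sinkhole policy for hostnames under seized dynamic-DNS zones.

Added example, not Microsoft's or No-IP's code. Within a seized zone,
known-bad hostnames resolve to the sinkhole address; every other hostname
in that zone is passed through to its legitimate record; names outside the
seized zones are untouched. Every verdict is logged, which is the
"collecting information" part of a sinkhole operation.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Assumption: a TEST-NET-1 placeholder, not any real sinkhole address.
SINKHOLE_IP = "192.0.2.1"


@dataclass
class SinkholePolicy:
    seized_zones: Set[str]    # zones handed over by the court order (constructed names)
    bad_hostnames: Set[str]   # fully qualified hostnames tied to the malware (constructed)
    log: List[Tuple[str, str]] = field(default_factory=list)  # (qname, verdict)

    @staticmethod
    def normalize(name: str) -> str:
        """DNS names are case-insensitive; strip the trailing dot of an FQDN."""
        return name.rstrip(".").lower()

    def zone_of(self, qname: str) -> Optional[str]:
        """Longest-suffix match of qname against the seized zones, or None."""
        labels = self.normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.seized_zones:
                return candidate
        return None

    def resolve(self, qname: str, upstream: Callable[[str], str]) -> str:
        """Return the answer a query for qname should receive under this policy."""
        name = self.normalize(qname)
        zone = self.zone_of(name)
        if zone is None:
            verdict, answer = "not-our-zone", upstream(name)
        elif name in self.bad_hostnames:
            verdict, answer = "sinkholed", SINKHOLE_IP
        else:
            # The point of contention on this page: good hostnames in a seized
            # zone must still reach their legitimate records.
            verdict, answer = "passthrough", upstream(name)
        self.log.append((name, verdict))
        return answer

    def verdict_counts(self) -> Dict[str, int]:
        return dict(Counter(v for _, v in self.log))


def run_demo() -> Tuple[Dict[str, str], Dict[str, int]]:
    """Run the policy over constructed sample data and return (answers, counts)."""
    policy = SinkholePolicy(
        seized_zones={"ddns.example", "dyn.example"},
        bad_hostnames={"c2-node.ddns.example", "update-srv.dyn.example"},
    )
    # Constructed stand-in for the registrants' own A records.
    records = {
        "c2-node.ddns.example": "198.51.100.7",
        "homecam.ddns.example": "198.51.100.20",
        "update-srv.dyn.example": "198.51.100.31",
        "blog.unrelated.example": "203.0.113.5",
    }
    queries = [
        "c2-node.ddns.example.",     # bad hostname, FQDN form
        "HomeCam.ddns.example",      # innocent hostname in the same seized zone
        "update-srv.dyn.example",    # bad hostname in the other seized zone
        "blog.unrelated.example",    # not under any seized zone
    ]
    answers = {
        policy.normalize(q): policy.resolve(q, lambda n: records[n]) for q in queries
    }
    return answers, policy.verdict_counts()


if __name__ == "__main__":
    for name, ip in run_demo()[0].items():
        print(f"{name:28} -> {ip}")
```

Running it shows the two bad hostnames answered with the sinkhole address and the innocent `homecam` host in the same seized zone still receiving its real record. The passthrough branch is where No-IP says the real deployment fell down: a sinkhole that cannot serve the legitimate answers for a zone at the zone's normal query volume degrades every innocent hostname in it, which is the outage described in the quotes above.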