Microsoft seizes domains of No-IP for alleged role in malware epidemic

Security

by Jimmy Nicholls | 01 July 2014

Service blamed for enabling trojan and malware distribution.

Microsoft has taken control of domains owned by DNS provider No-IP after obtaining a federal court order against the company over its role in spreading malware to millions of computers.

The computing giant claims that No-IP's parent company Vitalwerks has been enabling cybercriminals from Kuwait and Algeria to distribute the trojan Bladabindi and the worm Jenxcus through improper management of the service.

Richard Domingues Boscovich, assistant general counsel at Microsoft's Digital Crimes Unit, said: "Of the 10 global malware disruptions in which we've been involved, this action has the potential to be the largest in terms of infection cleanup.

"Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93% of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains."

On June 19 the company filed for a temporary restraining order against No-IP at a US District Court in Nevada, which was granted a week later, giving Microsoft control over No-IP's 23 free domains.

Since the ruling, Microsoft says it has identified bad traffic and routed it into its "sinkhole", collecting information to help it repair the damage caused by Bladabindi and Jenxcus.

Natalie Goguen, marketing manager at No-IP, said: "[Microsoft] claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening.

"Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate hostnames associated with a few bad actors."

She admitted the service does "occasionally fall prey" to cybercriminals, but denounced Microsoft's "heavy handed" and "draconian actions". She added that before the takedown Microsoft had not contacted No-IP or asked it to block any of its subdomains.
