Security firm Kaspersky has hailed Microsoft's takedown of dynamic DNS provider No-IP as a "major blow" for cybercrime.
Microsoft seized 23 domains from the site after filing a court order against the company over concerns its service was being exploited by criminals to spread malware.
Kaspersky lab expert Costin Raiu said: "No-IP is one of the many Dynamic DNS providers out there, which can be used for free to register a subdomain on top of popular names such as 'servepics.com' or 'servebeer.com'.
"For a long time, this has been a favourite method for cybercriminals who wanted to register easy to update hostnames to control their malware implants."
Kaspersky noted at least a quarter of the advanced persistent threats (APTs) it has been tracking were hit, despite Microsoft only claiming to target trojan Bladabindi and the worm Jenxcus.
No-IP has protested what they called a "draconian" approach by Microsoft affecting "millions of innocent internet users", and is offering its customers the opportunity to create a new hostname on the domains it still has control over.
Raiu said: "In the future, we can assume these groups will be more careful on using dynamic DNS providers and rely more often on hacked websites and direct IP addresses to manage their C&C [command and control] infrastructure."