What Kaspersky thinks of Microsoft's No-IP takedown


by Jimmy Nicholls | 02 July 2014

Security firm says it is even better than Microsoft claims.

Security firm Kaspersky has hailed Microsoft's takedown of dynamic DNS provider No-IP as a "major blow" for cybercrime.

Microsoft seized 23 domains from the site after filing a court order against the company over concerns its service was being exploited by criminals to spread malware.

Kaspersky Lab expert Costin Raiu said: "No-IP is one of the many Dynamic DNS providers out there, which can be used for free to register a subdomain on top of popular names such as 'servepics.com' or 'servebeer.com'.

"For a long time, this has been a favourite method for cybercriminals who wanted to register easy to update hostnames to control their malware implants."

Kaspersky noted that at least a quarter of the advanced persistent threats (APTs) it has been tracking were hit, even though Microsoft claimed to target only the Bladabindi trojan and the Jenxcus worm.

No-IP has protested what it called a "draconian" approach by Microsoft affecting "millions of innocent internet users", and is offering its customers the opportunity to create a new hostname on the domains it still controls.

Raiu said: "In the future, we can assume these groups will be more careful on using dynamic DNS providers and rely more often on hacked websites and direct IP addresses to manage their C&C [command and control] infrastructure."
