Microsoft Goes After Botnet, Tanking No-IP’s Dynamic DNS Service For Regular Users In The Process

Microsoft seized 23 domains this week from No-IP, a provider of dynamic DNS services, after filing a civil suit alleging that the domains in question were used to distribute malware.

The domains, according to Microsoft, were used 93 percent of the time for distributing the Bladabindi and Jenxcus malware families. A court granted Microsoft custodianship — DNS authority — of the digital properties so that it could “identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.”

It was not a smooth operation. In its zeal to take on cybercrime, Microsoft also disrupted normal service for regular users. The company noted this in a later statement: “Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service.”

Various reports online, however, directly dispute that claim.

You won’t find too many advocates for malware and the like, but it seems that Microsoft stirred up more controversy than it expected to. The company acted through legal channels, making its actions likely under the purview of law, but many are incensed by its heavy-handed action against the infinitely smaller No-IP. A hashtag, #FreeeNoIP, has been set up in protest.

A taste:

Screen Shot 2014-07-02 at 2.54.04 PM

Domains are property, and Microsoft essentially appropriated control over No-IPs domains.

No-IP isn’t pleased. In a sharply worded blog post in response to Microsoft’s actions, the company claims that Microsoft didn’t reach out to it before it acted — Microsoft declined to comment on the allegation, citing pending legal action — and that it has a “long history of proactively working with other companies when cases of alleged malicious activity have been reported to us.”

In an email to PC World, No-IP stated that “DNS is hard, and [Microsoft doesn’t] seem to be very good at it.”

Microsoft thinks that No-IP had a role in “creating, controlling, and assisting in infecting millions of computers with malicious software.” No-IP has a slightly different take:

Vitalwerks and No­-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-­IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one. We will do our best to resolve this problem quickly.

Just what the hell is a dynamic DNS service? I asked TechCrunch’s Frederic Lardinois to explain:

Dynamic DNS services like No-IP allow you to map your IP address — which can change at any time, depending on your ISP — to a domain name. That’s useful if you want to access your nannycam from work without having to remember an ever-changing IP address, for example. Normally, that would be a hassle to set up, but services like No-IP automate all of this for you.

You can still use No-IP through one of its domains that Microsoft didn’t take over.