Microsoft admits technical error in IP takeover, but No-IP still down
No-IP claims Microsoft doesn't appear to be very good at DNS
IDG News Service - Microsoft admitted Tuesday it made a technical error after it commandeered part of an Internet service's network in order to shut down a botnet, but the Nevada-based company says its services are still down.
A federal court in Reno granted Microsoft an ex-parte restraining order that allowed it to take control of 22 domains run by No-IP, a DNS (Domain Name Service) provider owned by Vitalwerks, which was served the order on Monday.
Microsoft alleged the domains were being abused by cybercriminals to manage and distribute malware. It was the tenth time Microsoft has turned to the courts to take sweeping action against botnets, or networks of hacked computers.
Although No-IP was not accused of wrongdoing, Microsoft maintained the company had not done enough to stop abuse on its networks. Microsoft's intention by seizing the domains was to block only the computers using No-IP's services that were being used as part of a botnet.
But "due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service," according to an email statement from David Finn, executive director and associate general counsel of Microsoft's Digital Crimes Unit.
"We regret any inconvenience these customers experienced," Finn wrote via email on Tuesday.
He claimed that No-IP's services were restored at 6 a.m. Pacific Time Tuesday. No-IP spokeswoman Natalie Goguen wrote via email that Microsoft made a technical change on Tuesday to forward legitimate traffic back to No-IP, but "it didn't do anything."
"Although they seem to be trying to take corrective measures, DNS is hard, and they don't seem to be very good at it," she wrote.
When queried, a Microsoft spokeswoman pointed to a tweet by No-IP that said it was under DDoS (distributed denial-of-service) attack. Goguen responded that No-IP's website was under attack but it did not affect its DNS infrastructure.
No-IP provides a free service that allows a customer's domain name to always point back to their computer even if an ISP assigns a different IP address to a computer when it comes online. It does that by offering subdomains for 22 main domain names it owns.
The IP address of a customer's subdomain is updated as the computer's IP address changes. Records in the DNS (Domain Name System) are then updated.
In its civil suit, Microsoft alleged two foreign nationals, Mohamed Benabdellah of Algeria and Naser Al Mutairi of Kuwait, used No-IP's service to facilitate the management of malware that steals sensitive data from people's computers.
No-IP's service "provides computers that move from IP address to IP address a stable domain name for malware-infected computers to contact," according to the lawsuit.
No-IP maintains that it has worked with companies that reported abuse but "unfortunately, Microsoft never contacted us or asked us to block any subdomains," according to a blog post on Monday.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5
- This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms
- In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86
- Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye
- Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe. All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts