
Critics blast Microsoft's takedown of No-IP domains

Microsoft contends it seized domains to stop distribution of two widely used malware tools

July 2, 2014 07:11 AM ET

Computerworld - Microsoft's tactics in using a court order to seize nearly two-dozen No-IP.com domains it said were used to distribute Windows malware tools were called ham-handed by several critics.

No-IP, a Reno, Nev. provider of dynamic domain name services, said Microsoft's sudden takedown of its domains was initiated without prior warning and disrupted Internet service for innocent customers.

In a blog post Monday, No-IP accused Microsoft of causing widespread problems for its customers. "Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate hostnames associated with a few bad actors," the company claimed.

David Finn, executive director and associate general counsel of Microsoft's Digital Crimes Unit, defended the company's actions but acknowledged that the move affected innocent users.

"Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service," Finn said in an email on Tuesday. However, Microsoft has since restored all service, he said. "We regret any inconvenience these customers experienced."

A Microsoft spokeswoman declined further comment.

No-IP said it would have taken immediate action to address any problems with its domains had Microsoft given it notice.

Brian Honan, an independent security consultant with BH Consulting in Dublin, Ireland, questioned Microsoft's tactics in going after No-IP.com, however justified its motives were. "Does this action mean that Microsoft has now appointed itself as the Internet Sheriff who will now clean up the place?" Honan asked.

Honan said Microsoft didn't provide No-IP.com a chance to defend itself in court, and thereby prevent its services from being impacted. Microsoft has set a precedent, which other companies could use "to impact legitimate service providers who they feel are not living up to an undetermined standard for responding to abuse requests," Honan said.

Microsoft in mid-June filed a complaint against No-IP.com in a Nevada federal court contending that No-IP's dynamic domain name services were being used to distribute two botnet software tools, Bladabindi and Jenxcus, and facilitate the distribution of more than 200 other malware products.

In the suit, Microsoft accused No-IP of providing the Kuwait- and Algeria-based creators of Bladabindi and Jenxcus an infrastructure for distributing the tools to millions of Windows systems around the world. Microsoft claimed that hundreds of bad actors had downloaded the malware tools from No-IP's domains and infected computers with them.

Microsoft said that according to its research, No-IP domains were used 93% of the time for infecting computers with the Bladabindi and Jenxcus malware tools. Though No-IP should have known its domains were being used extensively for malicious purposes, it did nothing about it, Microsoft charged.


