Feeds

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

Meanwhile, miscreants are DDoSing the hapless DNS provider

Choosing a cloud hosting partner with confidence

Updated Microsoft has admitted that it did disrupt a significant number of legitimate users of No-IP's dynamic DNS service, but says the problem is now sorted out.

"Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners' knowledge through the abuse of No-IP, an Internet solutions service," David Finn, associate general counsel of Redmond's Digital Crimes Unit, told The Reg in a statement.

"Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6am Pacific time today, all service was restored. We regret any inconvenience these customers experienced."

The problems occurred after Microsoft was granted a temporary restraining order against No-IP by a Nevada judge that transferred 22 domains to Redmond. The injunction was granted because the Microsoft security team showed evidence that malware writers were using No-IP's services to sell and control nearly 250 types of malware, and in particular the Windows-targeted trojans Bladabindi and Jenxcus.

Under the terms of the court decision, the DNS lookups for the domains were passed to Microsoft's name servers, with the plan being that Redmond would filter out No-IP subdomains linked to malicious activity and let legitimate subdomains resolve as expected. Sadly, this didn’t work and No-IP estimated four million customers were left without service.

Microsoft's takeover of No-IP's domains may have pissed off the DNS firm's customers, but the security industry has rallied around the move. Kaspersky Lab expert Costin Raiu said the power grab has crippled command-and-control systems for many malware operators.

"Based on our statistics, the shutdown has affected in some form at least 25 per cent of the APT groups we are tracking," he said. "Some of these hosts that were previously used in large and sophisticated cyberespionage operations are now pointing to what appears to be a Microsoft sinkhole, at 204.95.99.59."

As for No-IP; well, the week just got a whole lot worse. Today it was hit by a major distributed denial-of-service attack that crippled the company's website temporarily, and is causing its engineering team some major headaches. ®

Updated to add

No-IP has beaten off the DDoS attack, but the company is disputing Microsoft's claim that everything is fine and dandy for its customers.

"Services were not restored at 6am, in fact they are still not up at this moment," spokeswoman Natalie Goguen told The Register.

"At 6am, they seemed to make a change to forward on the good traffic, but it didn’t do anything. Although they seem to be trying to take corrective measures, DNS is hard, and they don’t seem to be very good at it."

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Put down that shotgun: Wi-Fi's the way to beat Zombies
CreepyDOL sensors can pick walkers from humans with MAC snack attack
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.