Feeds

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

Meanwhile, miscreants are DDoSing the hapless DNS provider

Intelligent flash storage arrays

Updated Microsoft has admitted that it did disrupt a significant number of legitimate users of No-IP's dynamic DNS service, but says the problem is now sorted out.

"Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners' knowledge through the abuse of No-IP, an Internet solutions service," David Finn, associate general counsel of Redmond's Digital Crimes Unit, told The Reg in a statement.

"Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6am Pacific time today, all service was restored. We regret any inconvenience these customers experienced."

The problems occurred after Microsoft was granted a temporary restraining order against No-IP by a Nevada judge that transferred 22 domains to Redmond. The injunction was granted because the Microsoft security team showed evidence that malware writers were using No-IP's services to sell and control nearly 250 types of malware, and in particular the Windows-targeted trojans Bladabindi and Jenxcus.

Under the terms of the court decision, the DNS lookups for the domains were passed to Microsoft's name servers, with the plan being that Redmond would filter out No-IP subdomains linked to malicious activity and let legitimate subdomains resolve as expected. Sadly, this didn’t work and No-IP estimated four million customers were left without service.

Microsoft's takeover of No-IP's domains may have pissed off the DNS firm's customers, but the security industry has rallied around the move. Kaspersky Lab expert Costin Raiu said the power grab has crippled command-and-control systems for many malware operators.

"Based on our statistics, the shutdown has affected in some form at least 25 per cent of the APT groups we are tracking," he said. "Some of these hosts that were previously used in large and sophisticated cyberespionage operations are now pointing to what appears to be a Microsoft sinkhole, at 204.95.99.59."

As for No-IP; well, the week just got a whole lot worse. Today it was hit by a major distributed denial-of-service attack that crippled the company's website temporarily, and is causing its engineering team some major headaches. ®

Updated to add

No-IP has beaten off the DDoS attack, but the company is disputing Microsoft's claim that everything is fine and dandy for its customers.

"Services were not restored at 6am, in fact they are still not up at this moment," spokeswoman Natalie Goguen told The Register.

"At 6am, they seemed to make a change to forward on the good traffic, but it didn’t do anything. Although they seem to be trying to take corrective measures, DNS is hard, and they don’t seem to be very good at it."

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.