Feeds

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

Meanwhile, miscreants are DDoSing the hapless DNS provider

Build a business case: developing custom apps

Updated Microsoft has admitted that it did disrupt a significant number of legitimate users of No-IP's dynamic DNS service, but says the problem is now sorted out.

"Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners' knowledge through the abuse of No-IP, an Internet solutions service," David Finn, associate general counsel of Redmond's Digital Crimes Unit, told The Reg in a statement.

"Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6am Pacific time today, all service was restored. We regret any inconvenience these customers experienced."

The problems occurred after Microsoft was granted a temporary restraining order against No-IP by a Nevada judge that transferred 22 domains to Redmond. The injunction was granted because the Microsoft security team showed evidence that malware writers were using No-IP's services to sell and control nearly 250 types of malware, and in particular the Windows-targeted trojans Bladabindi and Jenxcus.

Under the terms of the court decision, the DNS lookups for the domains were passed to Microsoft's name servers, with the plan being that Redmond would filter out No-IP subdomains linked to malicious activity and let legitimate subdomains resolve as expected. Sadly, this didn’t work and No-IP estimated four million customers were left without service.

Microsoft's takeover of No-IP's domains may have pissed off the DNS firm's customers, but the security industry has rallied around the move. Kaspersky Lab expert Costin Raiu said the power grab has crippled command-and-control systems for many malware operators.

"Based on our statistics, the shutdown has affected in some form at least 25 per cent of the APT groups we are tracking," he said. "Some of these hosts that were previously used in large and sophisticated cyberespionage operations are now pointing to what appears to be a Microsoft sinkhole, at 204.95.99.59."

As for No-IP; well, the week just got a whole lot worse. Today it was hit by a major distributed denial-of-service attack that crippled the company's website temporarily, and is causing its engineering team some major headaches. ®

Updated to add

No-IP has beaten off the DDoS attack, but the company is disputing Microsoft's claim that everything is fine and dandy for its customers.

"Services were not restored at 6am, in fact they are still not up at this moment," spokeswoman Natalie Goguen told The Register.

"At 6am, they seemed to make a change to forward on the good traffic, but it didn’t do anything. Although they seem to be trying to take corrective measures, DNS is hard, and they don’t seem to be very good at it."

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.