Feeds

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

Meanwhile, miscreants are DDoSing the hapless DNS provider

Next gen security for virtualised datacentres

Updated Microsoft has admitted that it did disrupt a significant number of legitimate users of No-IP's dynamic DNS service, but says the problem is now sorted out.

"Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners' knowledge through the abuse of No-IP, an Internet solutions service," David Finn, associate general counsel of Redmond's Digital Crimes Unit, told The Reg in a statement.

"Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6am Pacific time today, all service was restored. We regret any inconvenience these customers experienced."

The problems occurred after Microsoft was granted a temporary restraining order against No-IP by a Nevada judge that transferred 22 domains to Redmond. The injunction was granted because the Microsoft security team showed evidence that malware writers were using No-IP's services to sell and control nearly 250 types of malware, and in particular the Windows-targeted trojans Bladabindi and Jenxcus.

Under the terms of the court decision, the DNS lookups for the domains were passed to Microsoft's name servers, with the plan being that Redmond would filter out No-IP subdomains linked to malicious activity and let legitimate subdomains resolve as expected. Sadly, this didn’t work and No-IP estimated four million customers were left without service.

Microsoft's takeover of No-IP's domains may have pissed off the DNS firm's customers, but the security industry has rallied around the move. Kaspersky Lab expert Costin Raiu said the power grab has crippled command-and-control systems for many malware operators.

"Based on our statistics, the shutdown has affected in some form at least 25 per cent of the APT groups we are tracking," he said. "Some of these hosts that were previously used in large and sophisticated cyberespionage operations are now pointing to what appears to be a Microsoft sinkhole, at 204.95.99.59."

As for No-IP; well, the week just got a whole lot worse. Today it was hit by a major distributed denial-of-service attack that crippled the company's website temporarily, and is causing its engineering team some major headaches. ®

Updated to add

No-IP has beaten off the DDoS attack, but the company is disputing Microsoft's claim that everything is fine and dandy for its customers.

"Services were not restored at 6am, in fact they are still not up at this moment," spokeswoman Natalie Goguen told The Register.

"At 6am, they seemed to make a change to forward on the good traffic, but it didn’t do anything. Although they seem to be trying to take corrective measures, DNS is hard, and they don’t seem to be very good at it."

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New twist as rogue antivirus enters death throes
That's not the website you're looking for
ISIS terror fanatics invade Diaspora after Twitter blockade
Nothing we can do to stop them, says decentralized network
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.