Microsoft Seizes 22 Domains Of No­-IP Based Off Of SubDomain Usage & Millions Of Uses Effected

No­-IP a DNS service company told its customers on its company blog yesterday, that Microsoft has gotten a federal court order seizing 22 of its domain names based on the activity of users on some of the subdomains.

According to arstechnica.com, “Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.”

“In a complaint Microsoft filed under seal on June 19, Microsoft attorneys said No-IP is “functioning as a major hub for 245 different types of malware circulating on the Internet.” The document said abuse of the service has been the subject of recent blog posts by both OpenDNS and Cisco Systems.

“Although Defendant Vitalwerks is on notice and should be aware that its services are heavily abused, it has failed to take sufficient steps to correct, remedy, or prevent the abuse and to keep its domains free from malicious activity,” the attorneys wrote. In addition to naming No-IP, the complaint also charged two men who allegedly used No-IP to work with Bladabindi and Jenxcus control servers. More documents filed in the case are available here.”

According to krebsonsecurity.com, Microsoft  to go after 2,000 or so bad sites, has taken down four million.

Here is the blog post from No-IP:

“We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue.”

“This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. ”

“We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us.”

“Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.”

“We have been in contact with Microsoft today.”

“They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. ”

“However, this is not happening.”

“Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.”

“Had Microsoft contacted us, we could and would have taken immediate action.”

“Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.”

Comments

  1. Louise says

    Here is a list of some of the offending sub-domains:

    EXHIBIT C
    1
    microsoft-hi.zapto.org
    trojan12windows6.zapto.org
    windows-reg.no-ip.biz
    windows7.zapto.org
    microsoftcae.no-ip.biz
    windows2007.no-ip.biz
    microsoftoffic.no-ip.biz
    microsoft80win.no-ip.biz
    microsoft-servers.no-ip.biz
    microsoftess.zapto.org
    windows-services.zapto.org
    windows-team.zapto.org
    windowssvc.no-ip.biz
    microsoftx.no-ip.biz
    microsofts.no-ip.biz
    microsoftoffice.no-ip.biz
    windowsos.zapto.org
    windows.zapto.org
    windows0update.zapto.org
    windows6.no-ip.biz
    xmicrosoftxx.no-ip.biz
    windowssecureudate.no-ip.biz
    windowsinpute.zapto.org
    microsoftcorp.zapto.org
    microsoftvisual.zapto.org
    ismailwindows.zapto.org
    windowsupdate995.no-ip.biz
    microsoftcae1.no-ip.biz
    microsoftdns.no-ip.biz
    windows81.no-ip.biz
    windowss.zapto.org
    microsoftup.zapto.org
    windowssysx.no-ip.biz
    windows95.no-ip.biz
    windows-service.no-ip.biz
    microsoftupdatee.no-ip.biz
    windowshqsupport.no-ip.biz
    microsoft69.zapto.org
    windows1338.zapto.org
    windows32.hopto.org
    microsoftgroup.sytes.net
    microsoftwindoows.sytes.net
    windowsystec.sytes.net
    microsoftntdll.sytes.net
    microsoftwindows.sytes.net
    microsoftprotection.sytes.net
    windowssys.sytes.net
    microsoft-inc.sytes.net
    windows9.sytes.net
    microsoftst.sytes.net
    microsoft-windows.hopto.org
    microsoftcompany.hopto.org
    windows7.no-ip.info
    microsoft55.sytes.net
    my-microsoft.sytes.net
    windowshost.hopto.org
    windows-updat.no-ip.info
    windows7.sytes.net
    microsoft2update.sytes.net
    office-microsoft.sytes.net
    usamicrosoft.hopto.org
    microsoftcrm.no-ip.info
    windowsupd.sytes.net
    windows-system.no-ip.info

    It’s like, what point does a business own up to responsibility?

Join the Discussion