No-IP a DNS service company told its customers on its company blog yesterday, that Microsoft has gotten a federal court order seizing 22 of its domain names based on the activity of users on some of the subdomains.
According to arstechnica.com, “Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.”
“In a complaint Microsoft filed under seal on June 19, Microsoft attorneys said No-IP is “functioning as a major hub for 245 different types of malware circulating on the Internet.” The document said abuse of the service has been the subject of recent blog posts by both OpenDNS and Cisco Systems.
“Although Defendant Vitalwerks is on notice and should be aware that its services are heavily abused, it has failed to take sufficient steps to correct, remedy, or prevent the abuse and to keep its domains free from malicious activity,” the attorneys wrote. In addition to naming No-IP, the complaint also charged two men who allegedly used No-IP to work with Bladabindi and Jenxcus control servers. More documents filed in the case are available here.”
According to krebsonsecurity.com, Microsoft to go after 2,000 or so bad sites, has taken down four million.
Here is the blog post from No-IP:
“We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue.”
“This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. ”
“We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us.”
“Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.”
“We have been in contact with Microsoft today.”
“They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. ”
“However, this is not happening.”
“Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.”
“Had Microsoft contacted us, we could and would have taken immediate action.”
“Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.”