Microsoft Takes Down No-IP.com Domains

An anonymous reader writes For some reason that escapes me, a Judge has granted Microsoft permission to hijack NoIP's DNS. This is necessary according to Microsoft to thwart a "global cybercrime epidemic" being perpetrated by infected machines running Microsoft software. No-IP is a provider of dynamic DNS services (among other things). Many legitimate users were affected by the takedown: "This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives. ... We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening."

Good judge

[Rosco+P.+Coltrane]

The best money could buy.

Re:WTF

[Rosco+P.+Coltrane]

Does not seem legal.

It's legal if the law says it is. And when the lawmakers are in bed with Big Business, like they are in the US, anything goes.

Wait a second...

[FuzzNugget]

So, Microsoft's argument was that they needed to hijack thousands of computers, secretly redirect them and put people in financial strain... so that someone else couldn't hijack thousands of computers, secretly redirect them and put people in financial strain?

Great plan, fuckwits!

Re:Sue them for all they're worth

[Ecuador]

The 93% sounds serious, but it just says that these specific infections choose No-IP.com, which is a very common dynDNS service. You can counter with the fact that 100% of the systems targeted by Bladabindi-Jenxcus infections are vulnerable due to Microsoft software.

How on earth did you get that result?

[SplatMan_DK]

I don't know where you went to school, but you should ask for a refund. Or read up on basic percentage calculations.

Microsoft claims that 93% of the malware traffic is traced to No-IP. But that says nothing about the total amount of traffic for No-IP, nor does it say anything about the total volume of legitimate domains. Malware traffic could be as little as 1% on No-IP's infrastructure while still accounting for 93% of malware DDNS traffic.

It is completely wrong to state that 93% of No-IP domains are hosting malware. A large number of legitimate customers are being affected by this, and Microsoft is not resolving their DDNS domains correctly (as promised). The actual percentage of legitimate vs malicious domains is unknown, as is the distribution of legit/malicious traffic.

Also, Microsofts claims are disputed by No-IP, so we should not take them at face value. No real evidence of malice has been proven (yet), which makes it extremely questionable that this was conducted ex parte.

Finally, the fact that No-IP was a favorite for malware is not (or should not be) in itself sufficient to take control of the domains like this. I sincerely hope Microsoft can prove No-IP did not respond properly to requests. Or that they can document that an extremely large portion of total traffic on No-IP was malware (which we know nothing about at this point).

Simply quoting the 93% number is a pile of BS. I can't stand by itself. I can say with certainty that at least 93% of the Nigerian scam mail I have received the last year has used a hotmail.com or outlook.com account. But surely this does not prove that Microsoft is willingly aiding Nigerian scammers and that their domains should be seized?