Slashdot Mirror


Microsoft Settles With No-IP After Malware Takedown

Trailrunner7 (1100399) writes It's been a weird couple of weeks for Microsoft. On June 30 the company announced its latest malware takedown operation, which included a civil lawsuit against Vitalwerks, a small Nevada hosting provider, and the seizure of nearly two dozen domains the company owned. Now, 10 days later, Microsoft has not only returned all of the seized domains but also has reached a settlement with Vitalwerks that resolves the legal action. Some in the security research community criticized Microsoft harshly for what they saw as heavy-handed tactics. Within a few days of the initial takedown and domain seizure Microsoft returned all of the domains to Vitalwerks, which does business as No-IP.com. On Wednesday, the software giant and the hosting provider released a joint statement saying that they had reached a settlement on the legal action. "Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks' services," the companies said in a joint statement. "Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware."

38 of 83 comments

  1. "Sorry about that" by Anonymous Coward · · Score: 5, Informative

    "We did the thing we should have done in the first place after some guys pointed out what a bunch of dumb motherfuckers we'd been."

    1. Re:"Sorry about that" by theskipper · · Score: 3, Informative

      "And luckily no one will remember what our employees were posting in public forums about the issue, nor our sock puppets that modded them up"

      http://yro.slashdot.org/commen...

  2. Shoot first, ask questions later by Anonymous Coward · · Score: 1

    It's the law. According to an American judge.

  3. Complete clusterfuck by ShaunC · · Score: 5, Interesting

    Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware.

    Yeah, if waking up one day to find that most of your business has been handed over to another company is what passes for "notification" these days.

    I hope Microsoft paid them handsomely.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    1. Re:Complete clusterfuck by infinitelink · · Score: 1

      Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware.

      Yeah, if waking up one day to find that most of your business has been handed over to another company is what passes for "notification" these days. I hope Microsoft paid them handsomely.

      For the land of the free, judicial misbehavior never seems to be mentioned when due a mention while it is blared from the rooftops when they rule correctly. IT SEEMS to me that the most important target of criticism here is missing since Microsoft went to--and got--an order by an authority, who should have had the competence to know better than to seize the private property of one and hand it over to another private party. Then again, everyone is afraid of the oligarchy of robes.

      --
      Intelligent idiots are we. | Evil men do not understand justice.
    2. Re:Complete clusterfuck by cavreader · · Score: 1

      They were disabling the domains not selling them to another company to use. And it seems like this incident was settled by using the protections built into the judicial system. In the end the company was compensated and MS got the offending domains disabled. The bigger question is why does MS even make the effort to root out malware and shut it down? Identifying and taking down malware networks benefits everyone using the internet not just MS.

  4. Could have been avoided by Anonymous Coward · · Score: 1

    If only the idiot judge that approved the request for injunction had demanded to see some factual evidence that No-IP was actively aiding from the two bot herders also listed in the motion instead of just taking Microsoft's flimsy insinuations for it. Plus, it might have helped if the judge had given No-IP the chance to defend themselves before court instead of permitting the ex-parte session.

    1. Re:Could have been avoided by Anonymous Coward · · Score: 2, Insightful

      More importantly, it's absolutely *insane* that companies can seize other companies' assets like this. This is something only law enforcement should be able to do.

    2. Re:Could have been avoided by charlesr44403 · · Score: 1

      As a no-ip.com customer, for a while I feared that MS was being given a legal monopoly on dynamic-ip resolution. You never know these days.

  5. I see these and laugh by portwojc · · Score: 4, Insightful

    I always find it funny to see Microsoft using legal actions to fight malware rather than just fix the problem...

    1. Re:I see these and laugh by John+Bokma · · Score: 3, Informative

      I am no longer surprised that even at a tech site people really think that malware is a MS-only issue...

    2. Re:I see these and laugh by disposable60 · · Score: 2

      When lawyers make decisions, the decision is always 'Pay some lawyers!' Never 'Pay some engineers!'

      --
      You're looking for quotes? See my journal.
    3. Re:I see these and laugh by 0123456 · · Score: 1

      If every program ran in its own sandbox there wouldn't be any scary warning and there wouldn't be any malware.

      Yeah, because who cares whether the bad guys are capturing everything you type into your web browser?

    4. Re:I see these and laugh by LordLimecat · · Score: 1

      Actually, 90% of malware these days relies on non-OS / browser specific exploits. It's all Flash, Java, PDF.

      Of course, 98.27% of stats online are plucked from the ether.

    5. Re: I see these and laugh by KevReedUK · · Score: 1

      Are you also proposing that this browser not support plugins? Otherwise, what's to stop malware writers creating a plugin that captures input and phones home with it? Or are you suggesting that the browser only support plugins obtained from some kind of walled garden? Who will police it? In the end, the problem remains that people will be the weak link. When discussing security, even computer security, it has always been thus, and likely always will be.

      --
      Just my $0.03 (At current exchange rates, my £0.02 is worth more than your $0.02)
  6. Re:Short version of article by gauauu · · Score: 4, Insightful

    Not really. They got away with it at no real cost. Chances are our "small Nevada hosting provider" was cooperating fully with Microsoft, and playing the victim card helps avoid bad press. Or it could be covering up a National Security Letter.

    I don't know, the message from No-IP includes the statement: "While we are extremely pleased with the settlement terms, we are outraged by Microsoft’s tactics and that we were not able to completely and immediately restore services to the majority of our valuable customers that had been affected." This sounds an awful lot like code for "Microsoft paid us a metric crap-ton of money, but part of the agreement is that we wouldn't tell how much."

  7. In other news... by Scutter · · Score: 3, Funny

    ...an unnamed small Nevada hosting provider was the subject of an intense and unannounced BSA audit on Thursday...

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    1. Re:In other news... by Trailer+Trash · · Score: 1

      ...an unnamed small Nevada hosting provider was the subject of an intense and unannounced BSA audit on Thursday...

      I get the feeling that the actual headline is "Vitalwerks staff vacationing in the Caribbean for the next couple of months".

  8. Re:And it was all a smokescreen by John+Bokma · · Score: 1

    Yeah, right, like malware only runs on Windows.... The real problem is that a lot of ISPs take a lot of time (if ever) to do anything about this. You really think that nobody has reported this before MS decided to take action?

  9. Good Job, Microsoft by N3tRunner · · Score: 1, Insightful

    Even if they may have jumped the gun in this case, at least somebody's out there trying to do some enforcement.

    1. Re:Good Job, Microsoft by jeIIomizer · · Score: 1

      To compare spam filters and such with seizing a company's assets using the power of government thugs is absolutely absurd. I'd say you seem like a shill, but in reality, that's wishful thinking on my part. Shills and the mentally challenged are often indistinguishable.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  10. How does it NOT? by Uberbah · · Score: 2

    If Microsoft wasn't the "bad guy", why offer a settlement less than two weeks later?

    I don't like Redmond

    For some reason I feel like doubting the sincerity of this statement.

    1. Re:How does it NOT? by sexconker · · Score: 1

      If Microsoft wasn't the "bad guy", why offer a settlement less than two weeks later?

      To avoid court costs.

      And you don't know that they offered a settlement. MS could have simply told them to STFU or they'd be countersued for X, Y, and Z. Maybe MS threatened to publicly release evidence that showed they were actively aiding and abetting the malware shit MS was called in to clean up.

      You can blindly hate MS all you want, but no-ip and its siblings have a less than stellar reputation themselves.

    2. Re:How does it NOT? by Uberbah · · Score: 1

      To avoid court costs.

      Because they knew they had fucked up. Badly. Claiming that a corp the size of Microsoft is afraid of a little lawsuit - days after having someone's business raided - is about as believable as your Craigslist ad for oceanfront property in Nebraska.

      And you don't know that they offered a settlement. MS could have simply told them to STFU or they'd be countersued for X, Y, and Z.

      Your protests don't pass the laugh test. If Microsoft could sue for X, Y, or Z, they never would have agreed to a settlement so quickly.

      Maybe MS threatened to publicly release evidence that showed they were actively aiding and abetting the malware shit MS was called in to clean up.

      Then they would have done so.

      You can blindly hate MS all you want, but no-ip and its siblings have a less than stellar reputation themselves.

      Go home, Microsoft fanboi, you're delusional. The response would have been the same if it were Microsoft or Google or Samsung pulling the same crap.

  11. A real malware takedown... by UltraZelda64 · · Score: 2

    ...would be shutting down these god damn Windows machines that are infected zombies taking on the malicious tasks that this whole damn situation is about. No-IP is nothing without Microsoft's infected junk spewing garbage and infections all over the Internet. It's not like Microsoft doesn't hold the keys to immobilize a system running their own operating system anyway, they have the kill switch built right in to the OS before you even buy the license to run it in the form of WGA.

  12. The numbers never did add up by whoever57 · · Score: 2

    Microsoft portrayed No-IP as primarily a business making money from botnet operators, but Microsoft only listed a few hundred subdomain names that were implicated. Compared to what I imagine is hundreds of thousands, or millions (or tens of millions) of subdomain names that No-IP must support to have a viable business, it's a tiny fraction.

    --
    The real "Libtards" are the Libertarians!
    1. Re:The numbers never did add up by whoever57 · · Score: 3, Informative

      So I actually RTFA, and I see that it is 5 million subdomain names. That is a few hundred subdomains implicated as used by botnets against 5 million. It doesn't support a conclusion that No-IP was somehow in league with the botnet operators or that support for botnets was a significant part of No-IP's business.

      --
      The real "Libtards" are the Libertarians!
  13. Re:This was never about malware by lister+king+of+smeg · · Score: 2

    If you think about it, Microsoft has a close relationship with the NSA - see the _NSAKey scandal.
    Routing all No-ip traffic through MS controlled servers, it can safely be assumed the data was routed to the NSA.
    The full list of no-ip names and associated internet addresses (and thus identities of the users) I think could be a very valuable thing for the government.
    It smells wrong.

    Um you could get their identity by tracing each dns entry to its ip address in most cases

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  14. Great. Now what about Github? by Megane · · Score: 1
    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  15. A quick question, if I may? by Weaselmancer · · Score: 5, Insightful

    Who made Microsoft the fucking internet police anyway?

    --
    Weaselmancer
    rediculous.
    1. Re:A quick question, if I may? by bill_mcgonigle · · Score: 1

      Who made Microsoft the fucking internet police anyway?

      A judge who clearly needs to be impeached for wild and willful violation of the Fifth Amendment.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  16. Re:Thanks M$ by Anonymous Coward · · Score: 1

    Innocent victims (aka the third parties) might have a window for a class action suit versus Microsoft for the damage/losses they caused by this wee stunt. Hurting an innocent third party or few isn't smiled upon I would hope.

  17. Re:There's at least one clear takeaway from this.. by Anonymous Coward · · Score: 1

    It wasn't a load problem. The setup was just wrong (recursive resolvers used as authoritative servers didn't answer non-recursive queries correctly). It wouldn't have worked if Microsoft had given it all the CPU power and network capacity in the world. Garbage in, garbage out.

  18. Re:Short version of article by fustakrakich · · Score: 1

    "Microsoft paid us a metric crap-ton of money..."

    Petty cash... And besides, this "news" is a press release. Everybody got what they were looking for (except the users of the domains) and it will be forgotten like yesterday's lunch. Smells like fish

    --
    “He’s not deformed, he’s just drunk!”
  19. Re:There's at least one clear takeaway from this.. by whoever57 · · Score: 1, Interesting

    It wasn't a load problem. The setup was just wrong (recursive resolvers used as authoritative servers didn't answer non-recursive queries correctly). It wouldn't have worked if Microsoft had given it all the CPU power and network capacity in the world. Garbage in, garbage out.

    The takeaway is either:

    1. No business should use Azure because Azure doesn't scale. OR:
    2. No business should rely on Microsoft services, because Microsoft does not have the necessary competence.

    This is only the latest in a line of screwups by Microsoft in their service offerings.

    --
    The real "Libtards" are the Libertarians!
  20. Re:Tell me please, oh slashdot comments by Lehk228 · · Score: 1

    I don't like Redmond

    so why are you slobbering their knob?

    --
    Snowden and Manning are heroes.
  21. Re:Block all IE browsers by mbeckman · · Score: 1

    I run an ISP. Is it kosher for me to block all IE browser traffic? After all, IE is one of the largest vectors of malware infections on earth. At least I'd be "out there doing some enforcement."

    Microsoft enforcement policy: "Ready! Fire! Aim!"

    BTW, I didn't see where Microsoft apologized for their actions to the Internet community.

  22. Re:Short version of article by JosKarith · · Score: 2

    When the 800-lb gorilla in the room gestures at you to drop your pants the only choice you have is whether he breaks your arm first or not...

    --
    'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'