Microsoft's anti-malware crusade knackers '4 MILLION' No-IP users

Microsoft has won a court order to gain control of 23 No-IP domains owned by dynamic DNS (DDNS) provider Vitalwerks Internet Solutions. The US software giant claimed the domains were being used by malware developed in the Middle East and Africa. Vitalwerks operates its No-IP DDNS service from Nevada, and there is no suggestion …

Silver badge

So a law allows the US courts to seize domain names en masse based on somewhat spurious evidence. I don't agree with it in its current form but I realise that the courts have to make their judgements on how the law is written rather than how they'd like it to be written.

What I really don't understand is why the custody of the domains is handed over to Microsoft. No other law that I'm aware of works this way. If, for example, I report someone for dealing in criminalized drugs the police won't confiscate them and then hand them over to me for safe keeping.

31
4
Bronze badge

By the principle used by Microsoft, I can claim control of any superhighway, as criminals use them for a quick get-away.

No proof needed, only some logs of activity and claims that the activity is illicit and the superhighway is mine. Just as the domain is Microsoft's.

Who needs law enforcement? We have the corporations rescuing us from our wallets' contents.

18
3
Silver badge
WTF?

So let's get this right, you are complaining that Microsoft took down a bot net, I presume, because no one else could be arsed?

And read the article, they asked the owners to intervene, they couldn't be arsed / or possibly were in league with the crims.

So typical reg reader comments Microsoft = bad.

And as you may read, they had to PROVE in a COURT that it was distributing malware. Now if the law authorities got their arses into gear, then they could've done it, but instead, a private firm had to step in, at their own expense.

12
33
Silver badge
FAIL

@Wrzd1

Go on then, do it, if it's that fucking easy, go ahead.

Let's see you prove it in court with just some logs and no proof...

10
14
Anonymous Coward

"And read the article, they asked the owners to intervene, they couldn't be arsed / or possibly were in league with the crims."

Suggest you read the article yourself.

Microsoft doesn't claim to have contacted No-IP and "Spokeswoman Natalie Goguen told The Register that Microsoft didn’t contact it before the takeover, and the first the company [No-IP] knew about the court action was when the papers were delivered to the CEO over breakfast today"

And also "Vitalwerks operates its No-IP DDNS service from Nevada, and there is no suggestion it is in league with malware operators."

21
0
Anonymous Coward

"Microsoft took down a bot net"

No, they didn't. Even according to MS's own publicity "We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware." Even following MS reasoning, stopping you from getting infected is not taking down a botnet.

"And as you may read, they had to PROVE in a COURT that it was distributing malware."

Just because a Judge who doesn't know jack about how the internet works agrees with MS lawyers that DNS lookup = malware distribution doesn't make it so. No-IP offers Dynamic DNS not file sharing. No-IP didn't distribute anything. The malware distributor used No-IP as their DNS provider only. The source of malware still exists and there's nothing stopping them from creating new dynamic DNS entries with other providers.

Even if this temporary order is won by MS, it will ultimately have very little effect on the malware distribution. The malware distributors will simply find other providers and use those instead; 3-6 months from now it will be business as usual.

24
0

Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?

28
1
Silver badge

Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?

If one thing's clear, they've no idea about planning infrastructure to scale.

Leaving aside the rights and wrongs of being given custody of the DNS, how the fuck have they managed to take custody so that they can filter out the 'bad' but fail to make sure their servers will stand up to the load so the 'good' is unaffected?

17
1
Anonymous Coward

"Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?"

For internet facing infrastructure (ie servers) Microsoft actually have a pretty good security record in recent years. It's actually Linux boxes that are far more likely to be exploited these days and that host most of this stuff.

"they've no idea about planning infrastructure to scale."

The existence / scalability of Azure (the world's second largest 'cloud' I believe) tends to disprove that.

2
18
Anonymous Coward

collateral damage

The point is that Microsoft also brought down millions of innocent domains (like mine), through incompetence.

16
1
Anonymous Coward

The bigger part of Microsoft's internet facing "infrastructure" aren't the servers, but the clients.

4
0

Misinformed, You Are

Actually, Microsoft and IBM for that matter have studiously avoided making public network grade equipment, software, and services. They confine themselves to personal, departmental, and enterprise scale systems. Rightly so, as neither has the skills and organizational disciplines needed. The differences are like night and day.

3
0

@ Lost all faith...

Microsoft also took down my connection to my home server, why should I suffer because half the world uses their shitty software that can be hijacked by the malware?

I have never had problems or lack of productivity/connectivity due to malware/botnets. Now, because of Microsoft I have.

To all the MS Shills out there, yes maybe I should make a note of my dynamic IP address if I need to connect while not at home - but I have a reliable service from NoIP so why should I?

17
0

@ Ben Tasker

By using one old Pentium 486 with an install of Windows 2000 if my no-ip service is anything to go by!

0
0
Silver badge

"they've no idea about planning infrastructure to scale."

The existence / scalability of Azure (the world's second largest 'cloud' I believe) tends to disprove that.

Yes, because Azure has been so reliable. Size != reliability.

The fact that a worldwide outage was caused by MS forgetting to renew an SSL certificate, a week after a 5 day outage on one of their SQL components further reinforces the idea that big != reliable or good, especially when it comes to Azure.

And of course, we fall back to the current situation. If they're any good at planning things to scale, why ain't their DNS infrastructure coping eh?

9
0

No, the claim is that Microsoft didn't contact the parent company of the No-IP subdivision. There are no statements that Microsoft didn't contact No-IP, just that they didn't bring it up to the parent.

1
1
Silver badge

Re: they couldn't be arsed

No, MS couldn't be arsed to contact Vitalwerks about the domains.

I fully expect this decision to be overturned on appeal. The fact that Vitalwerks was unaware even of the lawsuit until AFTER the judgement was rendered is the only relevant fact in this case. The judgment is a clear violation of the 4th amendment.

5
0
Silver badge

Re: collateral damage

Please find yourself a good US lawyer and sue them. I mean that honestly as a crazy 'Merkin. With luck you might even get a few of their legal eagles disbarred for perjury in court. Or better yet get the judge who allowed this removed and disbarred for life.

3
0
Bronze badge
Childcatcher

No other law that I'm aware of works this way.

Actually, imminent domain in various US jurisdictions has done just this sort of thing, though to considerable outcry and ongoing efforts to have the law and office-holders changed.

2
1
Coffee/keyboard

MS Dynamic DNS

Am I the only one thinking that any day now MS will be announcing a new dynamic DNS service powered by Azure, and they will probably cite the downtime from the failure of No-IP as a case study for using their service compared to other less reliable suppliers.

4
0
Bronze badge

There are things we don't know, like just what Microsoft was saying and doing before they went to court, and why US law-enforcement doesn't seem to be involved.

Also, proving something technical to the satisfaction of the judge could be a safeguard, but what does the judge know about computers in general?

We have a rather one-sided story here. I suspect from the article, though I am not sure, that I used to use this service. The example domain names are suggestive, but the operation I used cut off a whole bunch of cheap services, and since I didn't need that sort of service I didn't switch.

There's too many unknowns here.

0
0

Your "Superhighway" is owned/operated by a Government so this analogy falls a little flat.

In the United States, this is a little bit like "Eminent Domain" where Commercial Interests can now "take" private property, with the Court's permission. Formally, only Governments could use Eminent Domain to take property for the public good (after proving that the low ball price they are offering is "market value" of course).

0
0

Re: Misinformed, You Are

"Actually, Microsoft and IBM .. confine themselves to personal, departmental, and enterprise scale system"

What's the difference between an enterprise and a network grade box?

0
0
Silver badge

"Leaving aside the rights and wrongs of being given custody of the DNS, how the fuck have they managed to take custody so that they can filter out the 'bad' but fail to make sure their servers will stand up to the load so the 'good' is unaffected?"

I doubt it's a problem of their systems not scaling, it is more likely that when they seized the domains they simply plonked them on their own dns servers. There is no way they would have also implemented the backend infrastructure required to allow the noip DDNS client to "phone home" and update their A records.

Effectively, they hamfistedly converted all the "dynamic" addresses to static ones (based on their last known IP address) and then wondered why nothing worked. duh

0
0
Vic
Silver badge

There is no way they would have also implemented the backend infrastructure required to allow the noip DDNS client to "phone home" and update their A records.

They didn't actually *need* to do that to effect what they wanted to do.

All they needed to do is to return an authoritative NXDOMAIN for the malware-related subdomains, and pass through everything else to NO-IP's DNS servers. This is trivial stuff.

That they failed to do so speaks volumes :-(

Vic.

0
0
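The selective filtering described in the comment above, sketched as an added example (not part of the thread, and not code that Microsoft or No-IP ran): a handler that answers an authoritative NXDOMAIN for names on a blocklist and passes every other query through untouched. The blocklist entry, the `.example` names and the `forward` callable are constructed placeholders.

```python
import struct

# Constructed blocklist (placeholder names under the reserved .example TLD).
BLOCKED = {"bad-c2.ddns.example"}
RCODE_NXDOMAIN = 3

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal one-question DNS query (class IN); sample input only."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD bit set
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (lower-cased qname, offset just past the first question)."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected a header and exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in query name")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):  # QTYPE + QCLASS must follow the name
        raise ValueError("truncated question")
    return ".".join(labels), pos + 4

def is_blocked(qname):
    """True for a blocked name or anything beneath it."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in BLOCKED for i in range(len(parts)))

def nxdomain_response(packet, qend):
    """Echo ID and question; QR=1, AA=1, RCODE=3, no answer records.
    A production server would also add the zone SOA for negative caching."""
    qid, flags = struct.unpack("!HH", packet[:4])
    rflags = 0x8000 | 0x0400 | (flags & 0x7900) | RCODE_NXDOMAIN
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + packet[12:qend]

def handle(packet, forward):
    """Answer blocked names locally; hand every other query to `forward`,
    a callable standing in for a relay to the provider's real name servers."""
    qname, qend = parse_question(packet)
    if is_blocked(qname):
        return nxdomain_response(packet, qend)
    return forward(packet)
```

Because unlisted names are relayed rather than answered from a static copy of the zone, dynamic updates made at the original provider keep resolving.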
Bronze badge

@Fibbles

So a law allows the US courts to seize domain names en masse based on somewhat spurious evidence. I don't agree with it in its current form but I realise that the courts have to make their judgements on how the law is written rather than how they'd like it to be written.

so, you aren't familiar with The Supreme Court of The United States then, are you?

[the preceding has been brought to you as a public service]

0
0
Silver badge

Re: No other law that I'm aware of works this way.

First up, it's "eminent" domain not "imminent" as your link name clearly indicates. The difference is IMPORTANT. Next up, no eminent domain is not like this either. There is a class which is and that is RICO, but even there the comparison is not quite near enough. Even under RICO there have to be prior legal convictions. That doesn't apply in this case.

1
0

"Lets see you prove it in court with just some logs and no proof..."

You mean in a secret trial where I can present unsubstantiated allegations and point to a log that says nothing much more than, "OMG they have internet activity?"

A trial in which no notice would be given to Microsoft and they wouldn't have their 4th amendment right to confront their accuser with opposing evidence?

A trial in which I could expect a fallacious assertion like "Microsoft facilitates distribution of pedophilia images because 95% of such images are recorded, edited, and distributed using their products", to go unchallenged by their defense lawyers because they would be excluded from even knowing about the trial? Just as they have done themselves here...

Interesting that you should demand evidence from someone who just suggested that under these very conditions that he might exploit the same law Microsoft has used here.

Let's see when this comes to class status if Microsoft can demonstrate that a DNS "provides malware" where the DNS protocol doesn't have any use other than to point at the people who ARE providing the malware.

Let's see if they can defend what will likely be billions in dollars of losses by people who have been more than trivially inconvenienced by this overt abuse.

Let's see if this sets a precedent by which their EULA disclaimer becomes null and void and they become financially and/or criminally liable for publishing software so inept that fucking children are publishing hacks for it.

Let's see how long MS lasts if they lose the coming case.

and let's see how long they last if they win.

They have painted themselves into a corner... What they have done here, can be done to them by others.

0
0
Bronze badge

Re: No other law that I'm aware of works this way.

I was torn between giving you an up-vote for catching my ridiculous usage error and down-voting for missing the obvious parallel between the judge in the ongoing MS/No-IP mess and the Hackensack Planning Board's use of eminent-with-an-E domain to attempt to take property from one group and give it to another based on it being blighted and in need of redevelopment. This unfortunately has been upheld in various courts as being legal (no prior convictions needed if I recall correctly), prompting various groups to attempt to change the law and to replace office holders. This last is obviously one of the areas where the comparison breaks down. Either way, while I am not alone in comparing the two, your correction deserves acknowledgement: have an up-vote.

0
0
Silver badge

Good thing...

I use DynDns for my stuff. They might have better service too.

Of course, they just started charging for their use, and that gives an audit trail that crooks don't like. Thankfully I'm not (I hope) in that category.

3
4
Anonymous Coward

Re: Good thing...

Just the other day by pure luck I recommended DynDNS to a friend over No-IP. Looks like that turned out to be good advice!

2
3

Re: Good thing...

As far as I am aware all of these sites have an audit trail, they'll record each change of dynamic address, both the new end point and the address of where it was changed from.

I think it's highly likely that someone up to no good will avoid paying for a service with their own money, don't you?

And they've borked my No-IP lookup too, which means they're not sticking to the remit of only taking down malware domains.

3
0

Re: Good thing...

DynDns no longer offer a free service though.

0
0

Re: Good thing...

an audit trail? Seriously?

You know what a DNS server does, yes?

It points to an IP and says... "that's the guy you are looking for."

0
0
Anonymous Coward

Re: Good thing...

"You know what a DNS server does, yes?"

Yes, and by that, it can log all those requests: who made it, what they asked for, and what the server answered. That's sufficient for an audit.

0
0
Silver badge

Is there something missing from the story?

I'm not sure where Microsoft comes into the picture.

Why did the domain names get handed to Microsoft? Were they stolen?

11
1
(Written by Reg staff) Silver badge

Re: skelband

"Is there something missing from the story?"

No, but the whole thing is baffling. It's all there and in the linked-to court documents. Microsoft claimed some of the subdomains use MS protected marks, and that No-IP's service was being used to cause:

"the unlawful intrusion into, infection of, and further illegal conduct involving, the personal computers of innocent persons, thereby causing harm to those persons, Microsoft, and the public at large."

So a judge in Las Vegas thought applying the restraining order, and redirecting the nameservers to MS's DNS systems, was just.

C.

9
0
Silver badge

Re: skelband

Microsoft claimed some of the subdomains use MS protected marks,

That's the bit that really baffles me. A number of subdomains get set up infringing a mark and the judge hands the entire domain over? That's bat-shit insane.

And that's before anyone starts on the fact that No-ip serves DNS records not content. The malware could have got the same content just by going to an IP address, and never touching no-ip (though DNS obviously makes life much, much easier from the malware authors' PoV :) ), which makes the decision all the more bat-shit crazy.

12
0
Silver badge

Re: That's bat-shit insane.

Welcome to Harry Reid's Nevada.

0
0

Kettle

I would've thought Microsoft could understand having a product that's the victim of malware abuse.

10
2
Anonymous Coward

Pity....

... they can't do the same to the infrastructure run by webexxpurts which seems to be nothing but a nest of malware.

1
0

Own goal!

I was wondering why email was not arriving this morning.

Perhaps the judge will assign the Microsoft domains to Vitalwerks on the grounds that Microshaft have just now wilfully done far more damage to innocent users of the Internet than these alleged malware vendors.

17
1
Bronze badge

Re: Own goal!

.... my email is not arriving today either, but I would not connect this with Microsoft.

0
1

Perhaps Microsoft would be better focussing on plugging security holes in their emmental os rather than screwing over the vast majority of no-ip customers who aren't doing anything wrong. Not a good advert for microsoft servers that can't handle the load either :/

11
2
Anonymous Coward

"Perhaps Microsoft would be better focussing on plugging security holes in their emmental os"

Don't they already do quite a good job of that? Significantly better than say OS-X or Linux from the last stats I saw.

"Not a good advert for microsoft servers that can't handle the load either"

No evidence that it's a loading issue I can see other than an unsubstantiated comment - more likely to be a configuration issue - even tens of thousands of DNS requests are not normally particularly taxing to a DNS server.

1
12
Bronze badge
WTF?

How dare you?

Dear AC, couldn't resist when I read your hypocritical comment:

Don't they already do quite a good job of that?

What is it job, punishing 4 million users while conducting this witch-hunt? This is not a job well done, I am sorry. Or is the fact that they recommend running an anti-virus to be able to protect yourself from the malware?

Significantly better than say OS-X or Linux from the last stats I saw.

Please show me those last stats, since I assure you that there have been millions of users that have fallen victim to one sort of malware infection or another at least once in their life. There are none on GNU/Linux (unless you show me those stats), there are much fewer people to suffer on Mac OSX, and if you refer to Android, show the stats of actual number of people that got malware, not all those ads run by the AV companies of how many malware strains are available for download, if you don't mind.

What this accident is actually showing is that Microsoft out of incompetence yet again have done a bad job setting up a secure software infrastructure and are now trying to (ab)use the law to show even more incompetence.

6
0
Silver badge

99% of all malware-spewing computers use IPv4 addresses!

ICANN ordered to hand them all over!

22
0
Silver badge

They got me

(mystring).serveftp.com is not working right now. Fortunately I do know the IP address of my home so I've just made a copy of the connection details and replaced the hostname with my IP address. I've paid for this 'premium' service, damn it.

So, if anyone misuses a subdomain of serveftp.com, Microsoft can grab the entire domain and stop anyone using it? Bastards.

12
1

I got hit by this too.

In case it's helpful to anyone else, I found that I could still log in to my no-ip account and get the current IP address from there.

If you do a cname redirect from a "real" domain to a no-ip dynamic domain, like I do, you can probably do some DNS magic on the real one to get things back up and limping. It won't survive address changes but it's better than nothing.

I am not sure if no-ip's service is still registering address updates even though it can't resolve them.

2
0
Silver badge

Re: Microsoft can grab the entire domain

Only when they also own the judge. Which it seems in this case they do.

4
0
