Microsoft's anti-malware crusade knackers '4 MILLION' No-IP users

Microsoft has won a court order to gain control of 23 No-IP domains owned by dynamic DNS (DDNS) provider Vitalwerks Internet Solutions. The US software giant claimed the domains were being used by malware developed in the Middle East and Africa. Vitalwerks operates its No-IP DDNS service from Nevada, and there is no suggestion …

  1. Fibbles

    So a law allows the US courts to seize domain names en masse based on somewhat spurious evidence. I don't agree with it in its current form but I realise that the courts have to make their judgements on how the law is written rather than how they'd like it to be written.

    What I really don't understand is why the custody of the domains is handed over to Microsoft. No other law that I'm aware of works this way. If, for example, I report someone for dealing in criminalized drugs the police won't confiscate them and then hand them over to me for safe keeping.

    1. Wzrd1 Silver badge

      By the principle used by Microsoft, I can claim control of any superhighway, as criminals use them for a quick get-away.

      No proof needed, only some logs of activity and claims that the activity is illicit and the superhighway is mine. Just as the domain is Microsoft's.

      Who needs law enforcement? We have the corporations rescuing us from our wallets' contents.

      1. Anonymous Coward
        FAIL

        @Wzrd1

        Go on then, do it, if it's that fucking easy, go ahead.

        Let's see you prove it in court with just some logs and no proof...

        1. ModFodder

          "Let's see you prove it in court with just some logs and no proof..."

          You mean in a secret trial where I can present unsubstantiated allegations and point to a log that says nothing much more than, "OMG they have internet activity?"

          A trial in which no notice would be given to Microsoft and they wouldn't have their 4th amendment right to confront their accuser with opposing evidence?

          A trial in which I could expect a fallacious assertion like "Microsoft facilitates distribution of pedophilia images because 95% of such images are recorded, edited, and distributed using their products" to go unchallenged by their defense lawyers because they would be excluded from even knowing about the trial? Just as they have done themselves here...

          Interesting that you should demand evidence from someone who just suggested that under these very conditions that he might exploit the same law Microsoft has used here.

          Let's see when this comes to class status if Microsoft can demonstrate that a DNS "provides malware" where the DNS protocol doesn't have any use other than to point at the people who ARE providing the malware.

          Let's see if they can defend what will likely be billions in dollars of losses by people who have been more than trivially inconvenienced by this overt abuse.

          Let's see if this sets a precedent by which their EULA disclaimer becomes null and void and they become financially and/or criminally liable for publishing software so inept that fucking children are publishing hacks for it.

          Let's see how long MS lasts if they lose the coming case.

          And let's see how long they last if they win.

          They have painted themselves into a corner... What they have done here, can be done to them by others.

      2. RTNavy

        Your "Superhighway" is owned/operated by a Government so this analogy falls a little flat.

        In the United States, this is a little bit like "Eminent Domain" where Commercial Interests can now "take" private property, with the Court's permission. Formerly, only Governments could use Eminent Domain to take property for the public good (after proving that the low ball price they are offering is "market value" of course).

    2. Anonymous Coward
      WTF?

      So let's get this right, you are complaining that Microsoft took down a bot net, I presume, because no one else could be arsed?

      And read the article, they asked the owners to intervene, they couldn't be arsed / or possibly were in league with the crims.

      So typical reg reader comments Microsoft = bad.

      And as you may read, they had to PROVE in a COURT that it was distributing malware. Now if the law authorities got their arses into gear, then they could've done it, but instead, a private firm had to step in, at their own expense.

      1. Anonymous Coward

        "And read the article, they asked the owners to intervene, they couldn't be arsed / or possibly were in league with the crims."

        Suggest you read the article yourself.

        Microsoft doesn't claim to have contacted No-IP and "Spokeswoman Natalie Goguen told The Register that Microsoft didn’t contact it before the takeover, and the first the company [No-IP] knew about the court action was when the papers were delivered to the CEO over breakfast today"

        And also "Vitalwerks operates its No-IP DDNS service from Nevada, and there is no suggestion it is in league with malware operators."

        1. InsaneGeek

          No, the claim is that Microsoft didn't contact the parent company of the No-IP subdivision. There are no statements that Microsoft didn't contact No-IP, just that they didn't bring it up to the parent.

      2. Anonymous Coward

        "Microsoft took down a bot net"

        No, they didn't. Even according to MS's own publicity "We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware." Even following MS reasoning, stopping you from getting infected is not taking down a botnet.

        "And as you may read, they had to PROVE in a COURT that it was distributing malware."

        Just because a Judge who doesn't know jack about how the internet works agrees with MS lawyers that DNS lookup = malware distribution doesn't make it so. No-IP offers Dynamic DNS not file sharing. No-IP didn't distribute anything. The malware distributor used No-IP as their DNS provider only. The source of malware still exists and there's nothing stopping them from creating new dynamic dns entries with other providers.

        Even if this temporary order is won by MS, it will ultimately have very little effect on the malware distribution. The malware distributors will simply find other providers and use those instead; 3-6 months from now it will be business as usual.

        1. kraut

          Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?

          1. Ben Tasker

            "Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?"

            If one thing's clear, they've no idea about planning infrastructure to scale.

            Leaving aside the rights and wrongs of being given custody of the DNS, how the fuck have they managed to take custody so that they can filter out the 'bad' but fail to make sure their servers will stand up to the load so the 'good' is unaffected?

            1. David 18

              @ Ben Tasker

              By using one old Pentium 486 with an install of Windows 2000 if my no-ip service is anything to go by!

            2. Goat Jam

              "Leaving aside the rights and wrongs of being given custody of the DNS, how the fuck have they managed to take custody so that they can filter out the 'bad' but fail to make sure their servers will stand up to the load so the 'good' is unaffected?"

              I doubt it's a problem of their systems not scaling, it is more likely that when they seized the domains they simply plonked them on their own dns servers. There is no way they would have also implemented the backend infrastructure required to allow the noip DDNS client to "phone home" and update their A records.

              Effectively, they hamfistedly converted all the "dynamic" addresses to static ones (based on their last known IP address) and then wondered why nothing worked. duh

              1. Vic

                "There is no way they would have also implemented the backend infrastructure required to allow the noip DDNS client to "phone home" and update their A records."

                They didn't actually *need* to do that to effect what they wanted to do.

                All they needed to do is to return an authoritative NXDOMAIN for the malware-related subdomains, and pass through everything else to NO-IP's DNS servers. This is trivial stuff.

                That they failed to do so speaks volumes :-(

                Vic.
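
The split Vic describes, as an added example that is not part of the thread and not anyone's actual deployment: a resolver front-end that answers with an authoritative NXDOMAIN for listed hostnames (and anything beneath them) and hands every other query, untouched, to the original operator's nameservers. The zone and host names, the function names and the `forward` callable are assumptions made for illustration.

```python
import struct

# Header flag bits and response code from RFC 1035.
FLAG_QR, FLAG_AA, FLAG_RD = 0x8000, 0x0400, 0x0100
RCODE_NXDOMAIN = 3


def build_query(qid, name, qtype=1):
    """Build a minimal DNS query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", qid, FLAG_RD, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_question(packet):
    """Return (id, flags, lower-cased qname, offset just past the question)."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & FLAG_QR or qdcount != 1:
        raise ValueError("expected a query with exactly one question")
    labels, off = [], 12
    while True:
        if off >= len(packet):
            raise ValueError("truncated name")
        length = packet[off]
        off += 1
        if length == 0:
            break
        if length > 63 or off + length > len(packet):
            raise ValueError("invalid or compressed label in question")
        # DNS names compare case-insensitively, so normalise before matching.
        labels.append(packet[off:off + length].decode("ascii").lower())
        off += length
    if off + 4 > len(packet):
        raise ValueError("truncated question (missing QTYPE/QCLASS)")
    return qid, flags, ".".join(labels), off + 4


def is_blocked(qname, blocklist):
    """Match a listed name or anything beneath it, on a label boundary only."""
    return any(qname == b or qname.endswith("." + b) for b in blocklist)


def nxdomain_response(packet, qid, flags, q_end):
    """Echo the question back with QR=1, AA=1, RCODE=3 and no records.

    A production authoritative server would also put the zone's SOA in the
    authority section so resolvers can cache the negative answer; it is
    left out here to keep the example short.
    """
    resp_flags = FLAG_QR | FLAG_AA | (flags & FLAG_RD) | RCODE_NXDOMAIN
    header = struct.pack("!HHHHHH", qid, resp_flags, 1, 0, 0, 0)
    return header + packet[12:q_end]


def handle_query(packet, blocklist, forward):
    """Answer listed names locally; pass everything else through unchanged."""
    qid, flags, qname, q_end = parse_question(packet)
    if is_blocked(qname, blocklist):
        return "nxdomain", nxdomain_response(packet, qid, flags, q_end)
    return "forwarded", forward(packet)


if __name__ == "__main__":
    # Constructed sample data: one listed host in a made-up dynamic DNS zone.
    blocklist = frozenset({"c2.ddns-zone.test"})

    def upstream(pkt):
        # Stand-in for a UDP relay to the original operator's nameservers.
        return b"<answer from upstream>"

    for host in ("C2.ddns-zone.test", "webcam.ddns-zone.test"):
        action, _ = handle_query(build_query(1, host), blocklist, upstream)
        print(host, "->", action)
```

Because unlisted names are relayed rather than answered from a local copy of the zone, dynamic updates made at the original operator keep resolving.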

          2. Anonymous Coward

            "Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?"

            For internet facing infrastructure (ie servers) Microsoft actually have a pretty good security record in recent years. It's actually Linux boxes that are far more likely to be exploited these days and that host most of this stuff.

            "they've no idea about planning infrastructure to scale."

            The existence / scalability of Azure (the world's second largest 'cloud' I believe) tends to disprove that.

            1. Anonymous Coward

              The bigger part of Microsoft's internet facing "infrastructure" aren't the servers, but the clients.

            2. MarymaryQuiteContrary

              Misinformed, You Are

              Actually, Microsoft and IBM for that matter have studiously avoided making public network grade equipment, software, and services. They confine themselves to personal, departmental, and enterprise scale systems. Rightly so, as neither has the skills and organizational disciplines needed. The differences are like night and day.

              1. cyberelf

                Re: Misinformed, You Are

                "Actually, Microsoft and IBM .. confine themselves to personal, departmental, and enterprise scale system"

                What's the difference between an enterprise and a network grade box?

            3. Ben Tasker

              "they've no idea about planning infrastructure to scale."

              "The existence / scalability of Azure (the world's second largest 'cloud' I believe) tends to disprove that."

              Yes, because Azure has been so reliable. Size != reliability.

              The fact that a worldwide outage was caused by MS forgetting to renew an SSL certificate, a week after a 5 day outage on one of their SQL components further reinforces the idea that big != reliable or good, especially when it comes to Azure.

              And of course, we fall back to the current situation. If they're any good at planning things to scale, why ain't their DNS infrastructure coping eh?

      3. Anonymous Coward

        collateral damage

        The point is that Microsoft also brought down millions of innocent domains (like mine), through incompetence.

        1. Tom 13

          Re: collateral damage

          Please find yourself a good US lawyer and sue them. I mean that honestly as a crazy 'Merkin. With luck you might even get a few of their legal eagles disbarred for perjury in court. Or better yet get the judge who allowed this removed and disbarred for life.

      4. David 18

        @ Lost all faith...

        Microsoft also took down my connection to my home server, why should I suffer because half the world uses their shitty software that can be hijacked by the malware?

        I have never had problems or lack of productivity/connectivity due to malware/botnets. Now, because of Microsoft I have.

        To all the MS Shills out there, yes maybe I should make a note of my dynamic IP address if I need to connect while not at home - but I have a reliable service from NoIP so why should I?

      5. Tom 13

        Re: they couldn't be arsed

        No, MS couldn't be arsed to contact Vitalwerks about the domains.

        I fully expect this decision to be overturned on appeal. The fact that Vitalwerks was unaware even of the lawsuit until AFTER the judgement was rendered is the only relevant fact in this case. The judgment is a clear violation of the 4th amendment.

      6. Dave Bell

        There are things we don't know, like just what Microsoft was saying and doing before they went to court, and why US law-enforcement doesn't seem to be involved.

        Also, proving something technical to the satisfaction of the judge could be a safeguard, but what does the judge know about computers in general?

        We have a rather one-sided story here. I suspect from the article, though I am not sure, that I used to use this service. The example domain names are suggestive, but the operation I used cut off a whole bunch of cheap services, and since I didn't need that sort of service I didn't switch.

        There's too many unknowns here.

    3. Robert Helpmann??
      Childcatcher

      "No other law that I'm aware of works this way."

      Actually, imminent domain in various US jurisdictions has done just this sort of thing, though to considerable outcry and ongoing efforts to have the law and office-holders changed.

      1. Tom 13

        Re: No other law that I'm aware of works this way.

        First up, it's "eminent" domain not "imminent" as your link name clearly indicates. The difference is IMPORTANT. Next up, no, eminent domain is not like this either. There is a class which is and that is RICO, but even there the comparison is not quite near enough. Even under RICO there have to be prior legal convictions. That doesn't apply in this case.

        1. Robert Helpmann??

          Re: No other law that I'm aware of works this way.

          I was torn between giving you an up-vote for catching my ridiculous usage error and down-voting for missing the obvious parallel between the judge in the ongoing MS/No-IP mess and the Hackensack Planning Board's use of eminent-with-an-E domain to attempt to take property from one group and give it to another based on it being blighted and in need of redevelopment. This unfortunately has been upheld in various courts as being legal (no prior convictions needed if I recall correctly), prompting various groups to attempt to change the law and to replace office holders. This last is obviously one of the areas where the comparison breaks down. Either way, while I am not alone in comparing the two, your correction deserves acknowledgement: have an up-vote.

    4. Aqua Marina
      Coffee/keyboard

      MS Dynamic DNS

      Am I the only one thinking that any day now MS will be announcing a new dynamic DNS service powered by Azure, and they will probably cite the downtime from the failure of No-IP as a case study for using their service compared to other less reliable suppliers?

    5. willi0000000

      @Fibbles

      "So a law allows the US courts to seize domain names en masse based on somewhat spurious evidence. I don't agree with it in its current form but I realise that the courts have to make their judgements on how the law is written rather than how they'd like it to be written."

      So, you aren't familiar with The Supreme Court of The United States then, are you?

      [the preceding has been brought to you as a public service]

  2. Herby

    Good thing...

    I use DynDns for my stuff. They might have better service too.

    Of course, they just started charging for their use, and that gives an audit trail that crooks don't like. Thankfully I'm not (I hope) in that category.

    1. Anonymous Coward

      Re: Good thing...

      Just the other day by pure luck I recommended DynDNS to a friend over No-IP. Looks like that turned out to be good advice!

    2. chr0m4t1c

      Re: Good thing...

      As far as I am aware all of these sites have an audit trail, they'll record each change of dynamic address, both the new end point and the address of where it was changed from.

      I think it's highly likely that someone up to no good will avoid paying for a service with their own money, don't you?

      And they've borked my No-IP lookup too, which means they're not sticking to the remit of only taking down malware domains.

    3. JohnG

      Re: Good thing...

      DynDns no longer offer a free service though.

    4. ModFodder

      Re: Good thing...

      An audit trail? Seriously?

      You know what a DNS server does, yes?

      It points to an IP and says... "that's the guy you are looking for."

      1. Anonymous Coward

        Re: Good thing...

        "You know what a DNS server does, yes?"

        Yes, and by that, it can log all those requests: who made it, what they asked for, and what the server answered. That's sufficient for an audit.

  3. Anonymous Coward

    Is there something missing from the story?

    I'm not sure where Microsoft comes into the picture.

    Why did the domain names get handed to Microsoft? Were they stolen?

    1. diodesign (Written by Reg staff) Silver badge

      Re: skelband

      "Is there something missing from the story?"

      No, but the whole thing is baffling. It's all there and in the linked-to court documents. Microsoft claimed some of the subdomains use MS protected marks, and that No-IP's service was being used to cause:

      "the unlawful intrusion into, infection of, and further illegal conduct involving, the personal computers of innocent persons, thereby causing harm to those persons, Microsoft, and the public at large."

      So a judge in Las Vegas thought applying the restraining order, and redirecting the nameservers to MS's DNS systems, was just.

      C.

      1. Ben Tasker

        Re: skelband

        "Microsoft claimed some of the subdomains use MS protected marks,"

        That's the bit that really baffles me. A number of subdomains get set up infringing a mark and the judge hands the entire domain over? That's bat-shit insane.

        And that's before anyone starts on the fact that No-ip serves DNS records not content. The malware could have got the same content just by going to an IP address, and never touching no-ip (though DNS obviously makes life much, much easier from the malware authors' PoV :) ), which makes the decision all the more bat-shit crazy.

        1. Tom 13

          Re: That's bat-shit insane.

          Welcome to Harry Reid's Nevada.

  4. No. Really!?

    Kettle

    I would've thought Microsoft could understand having a product that's the victim of malware abuse.

  5. Anonymous Coward

    Pity....

    ... they can't do the same to the infrastructure run by webexxpurts which seems to be nothing but a nest of malware.

  6. rogerhill

    Own goal!

    I was wondering why email was not arriving this morning.

    Perhaps the judge will assign the Microsoft domains to Vitalwerks on the grounds that Microshaft have just now wilfully done far more damage to innocent users of the Internet than these alleged malware vendors.

    1. Bronek Kozicki

      Re: Own goal!

      .... my email is not arriving today either, but I would not connect this with Microsoft.

  7. sherbey

    Perhaps Microsoft would be better focussing on plugging security holes in their emmental os rather than screwing over the vast majority of no-ip customers who aren't doing anything wrong. Not a good advert for microsoft servers that can't handle the load either :/

    1. Anonymous Coward

      "Perhaps Microsoft would be better focussing on plugging security holes in their emmental os"

      Don't they already do quite a good job of that? Significantly better than say OS-X or Linux from the last stats I saw.

      "Not a good advert for microsoft servers that can't handle the load either"

      No evidence that it's a loading issue I can see other than an unsubstantiated comment - more likely to be a configuration issue - even tens of thousands of DNS requests are not normally particularly taxing to a DNS server.

      1. eulampios
        WTF?

        How dare you?

        Dear AC, couldn't resist when I read your hypocritical comment:

        "Don't they already do quite a good job of that?"

        What is the job, punishing 4 million users while conducting this witch-hunt? This is not a job well done, I am sorry. Or is it the fact that they recommend running an anti-virus to be able to protect yourself from the malware?

        "Significantly better than say OS-X or Linux from the last stats I saw."

        Please show me those last stats, since I assure you that there have been millions of users that have fallen victim to one sort of malware infection or another at least once in their life. There are none on GNU/Linux (unless you show me those stats), there are much less people to suffer on Mac OSX, and if you refer to Android, show the stats of actual number of people that got malware, not all those ads run by the AV companies of how many malware strains are available for download, if you don't mind.

        What this accident is actually showing is that Microsoft, out of incompetence, yet again have done a bad job setting up a secure software infrastructure and are now trying to (ab)use the law to show even more incompetence.

  8. Destroy All Monsters Silver badge

    99% of all malware-spewing computers use IPv4 addresses!

    ICANN ordered to hand them all over!

  9. frank ly

    They got me

    (mystring).serveftp.com is not working right now. Fortunately I do know the IP address of my home so I've just made a copy of the connection details and replaced the hostname with my IP address. I've paid for this 'premium' service, damn it.

    So, if anyone misuses a subdomain of serveftp.com, Microsoft can grab the entire domain and stop anyone using it? Bastards.

    1. Tasogare

      I got hit by this too.

      In case it's helpful to anyone else, I found that I could still log in to my no-ip account and get the current IP address from there.

      If you do a cname redirect from a "real" domain to a no-ip dynamic domain, like I do, you can probably do some DNS magic on the real one to get things back up and limping. It won't survive address changes but it's better than nothing.

      I am not sure if no-ip's service is still registering address updates even though it can't resolve them.

    2. Tom 13

      Re: Microsoft can grab the entire domain

      Only when they also own the judge. Which it seems in this case they do.

  10. Anonymous Coward

    How much will M$ pay me

    I'm affected by your action Microsoft, how much will you pay me in compensation?

    1. Martin-73 Silver badge

      Re: How much will M$ pay me

      I'd say they were in breach of the misuse of computers act here (basically it's a huge denial of service attack). Sue the US legal system, extradite the judge? :D

      1. ModFodder

        Re: How much will M$ pay me

        Rendition the judge to dev/null without a trial

  11. DropBear

    Oh gee...

    ...thanks, Microsoft, for not being able to reach the home box now.

    1. Nathanial Wapcaplet

      Re: Oh gee...

      Worse than that around here - the two local computer shops apparently use NoIP (paid-for services) for their SOHO customers, so hundreds are down.

  12. Anonymous Coward
    Stop

    Let's clear it up...

    "Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains."

    "Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers."

    "Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct"

    Sorry, but No-IP are either a bunch of cowboys, or getting paid a shitload of cash...

    1. petur
      Thumb Down

      Re: Let's clear it up...

      That's all according to Microsoft. No-IP said they weren't contacted.

      So: no conclusions can be drawn until some proof shows up showing they were contacted or not.

    2. Anonymous Coward

      Re: Let's clear it up...

      If malware writers exploited ActiveX in Internet Explorer to download malware and it was the most common form of infection for PCs running IE for certain strains of malware and if Microsoft knew it was happening but kept producing new versions of IE that contained ActiveX with the ability to load on this malware, should Microsoft lose Internet Explorer and it be handed over to a private company, say Netscape to administer?

      Just hypothetical of course?

    3. Ben Tasker

      Re: Let's clear it up...

      Remember it's not No-ip hosting the content either.

      "Despite numerous reports by the security community on No-IP domain abuse"

      I find the structure of this sentence interesting, to me it reads as though it's talking about Papers and articles (reports on), and not reports to No-IP. Given they are just hosting DNS records, without a list of affected subdomains what precisely are they supposed to do?

      1. Whiskers

        Re: Let's clear it up...

        I think the Cisco blog article related to this discussion is here (dated 11th Feb 2014) <http://blogs.cisco.com/security/dynamic-detection-of-malicious-ddns/>. At the time of reading, there are two comments shown - one from No-IP referencing a blog article of their own in response, and inviting contact, and the other from Cisco saying they'll be in touch.

        So No-IP were certainly aware of Cisco's figures and concerns. But we don't know what they were doing about them.

        How long would it take to manually delete sub-domains from a list of (say) 20,000?

    4. ModFodder

      Re: Let's clear it up...

      Because 100% of all systems which fall victim to windows exploits run windows OSs...

      Sounds like a pretty clear-cut impeachment of microsoft.

      We should have MS seized because they facilitate windows exploits by publishing vulnerable OSs?

  13. RyokuMas
    Paris Hilton

    Bet your life...

    ... that if this were some kind of Android malware strain and Google had been handed control of the servers, these comments would have a very different tone...

    1. rizb

      Re: Bet your life...

      Major difference - Google don't give a shit about malware on their platform.

      1. Bladeforce

        Re: Bet your life...

        ..Prob because your definition of malware is probably built up by how malware works within a windows environment yet in a Linux environment malware just isn't in the same league as its windows cousin

        1. Anonymous Coward

          Re: Bet your life...

          "yet in a Linux environment malware just isn't in the same league as its windows cousin"

          You must have missed the arrival of Android.

          1. eulampios
            WTF?

            Re: Bet your life...

            Yes, I missed it too, so tell us the stats of how many Android users have willingly installed trojaned apps while 1) allowing to install outside of Google play and 2) having slept through all the obvious warnings presented in the permissions page.

            It would be interesting to compare it with those glorious days of the Loveletter, Conficker, Stuxnet et al

    2. ModFodder

      Re: Bet your life...

      because a fallacy of equivocation seems more reasonable to you if it comes from someone other than Microsoft?

      Software will do nothing more and nothing less than what it is coded to do. If a malware exploits an unintended feature of a software, it means that the fault lies with the intention of the coder who wrote it by failing to frame the function of the code specifically enough.

      Those who exploit such weaknesses in software are annoying but how is that a responsibility of any but the writer of the code being exploited and the writer of the code exploiting it?

      Would you sue your neighbor for owning a car, just because someone else hit you with a car?

      Is membership to the set All People Who Own Cars an attribute which makes all car owners guilty for the actions of one? If you got hit by the car because the driver was doing something stupid, but you weren't watching where you were walking either, shouldn't you share the blame for the consequences?

      Why should your neighbor share any of the consequences just by owning a car?

  14. Mike Taylor

    They might not have been contacted about this specific action, but has anyone else looked at the amount of traffic No-IP were directing according to Cisco at the beginning of the year? Because there certainly was a conversation being had between NG and Cisco

    http://www.noip.com/blog/2014/02/12/cisco-malware-report/

    It would be good to see the evidence that MS laid in front of the court, to get a fuller picture. But I don't think No-IP can say this has come out of the blue.

  15. b166er

    Official statement from No-IP here:

    Formal Statement Microsoft Takedown

    It's affecting our webcam this morning :(

  16. Anonymous Coward

    That's like selling the Postal Service....

    ... because criminals are using stamps to send letter bombs

  17. GreyWolf

    Accused of providing composting info to cybercriminals...

    ... We are a website in a rural village in Suffolk where those who compost their own food and green waste keep a record of what weights they have recycled. We hope to demonstrate that doing your own food and green waste recycling is worth the (minor) effort. This is of course exactly what cybercriminals need to know, and Microsoft wish to hush up.

    Our site is unreachable because Microsnot are NOT doing what they said they would - they are not allowing innocent traffic through (or they are too incompetent to do the filtering fast enough, before the timeouts).

    1. Anonymous Coward
      Big Brother

      Re: Accused of providing composting info to cybercriminals...

      > Our site is unreachable because Microsnot are NOT doing what they said they would

      Buy a static IP from your ISP, that's what they're for.

      1. Lost in Cyberspace

        Re: Accused of providing composting info to cybercriminals...

        Static IPs don't work if you move your equipment between connections (e.g. a laptop that needs to be accessed remotely), transfers between landline and 3G etc.

        Additionally, I distributed a remote support UVNC-SC app to over 800 clients - using a premium No-IP domain to call in - in case I ever needed to change my static IP (move to a new office, change ISP, work from home etc).

        A static IP doesn't always cut it. Nor does No-IP evidently.

        1. Anonymous Coward
          Big Brother

          Re: Accused of providing composting info to cybercriminals...

          "Static IPs don't work if you move your equipment between connections"

          Relying on a dynamic IP is a bit of a hack for whatever usability you are trying to achieve. It also introduces security issues. According to this, UVNC-SC connects to a reserved IP address, so how do the remote clients know which IP address to allow incoming connections on?

  18. Captain Hogwash
    Flame

    Thank you Microsoft

    Without your help I would not have seen the light. You have shown me how unreliable my Owncloud server is. You have made me aware of the fact that for reliable online services I should choose from the many excellent products available from Microsoft. I am forever in your debt.

    </sarcasm>

  19. Whiskers

    Punishing the victims

    Surely, as Microsoft know so much about this malware and (I hope) know all there is to know about their own operating systems, they are in a position to stop the malware from functioning at all? A court order obliging them to do so would be a lot fairer than one that virtually destroys at least one independent business and interferes with a great many innocent legitimate internet users.

    Why couldn't Microsoft just give their list of dodgy domain names to No-IP and get a court order requiring them to re-direct all traffic to or from them to some disinterested party for forensic analysis? Microsoft are not at all disinterested in this matter.

    1. Anonymous Coward
      Anonymous Coward

      Re: Punishing the victims

      "Why couldn't Microsoft just give their list of dodgy domain names to No-IP and get a court order requiring them to re-direct all traffic to or from them to some disinterested party for forensic analysis?"

      To permanently take down a botnet, you need to wipe out all of the C&C infrastructure before the writers can react - and update the system to use new addresses. If No-IP hadn't responded to requests to remove this traffic then Microsoft could have suspected that No-IP might tip off its malware domain customers...

      1. Whiskers

        Re: Punishing the victims

        "To permanently take down a botnet, you need to wipe out all of the C&C infrastructure before the writers can react - and update the system to use new addresses."

        That's one approach. Just as rounding up the wandering cattle is one approach to fence design - but a better fence makes the roundup unnecessary. In this case, the fence was built by Microsoft; No-IP are just one of the neighbours over-run by the strays.

      2. ModFodder

        Re: Punishing the victims

        Which is irrelevant.

        That's indistinguishable from saying, "We ought to turn over control of the internet to Microsoft because there are spammers, crackers and trolls. If you were to attempt to remove them from just one service they would just turn it into a game of whack-a-mole."

        Yeah... that.

        Here's an idea.

        Take action against the IP the name resolves to and leave the masses of people just hosting a home website or game server for friends and family the hell out of it.

        By "tip off" the people using a free service that doesn't exactly hold any vested interest for no-ip.com, you must mean that the malware author might become aware that they had been discovered if their account was terminated for violations of ToS? Sorta like Microsoft shouldn't be trusted to handle spam on Hotmail.com because they will obviously only warn their "malware customers."

        Let me know when you sort through that head-full of cognitive dissonance and can offer something that doesn't reek of malicious gossip and overt fallacy.

        1. Whiskers

          Re: Punishing the victims

          I do hope that "head-full of cognitive dissonance" clears up soon.

          The only effective cure or prevention of a malware plague, is to design &/or re-design the software being attacked so that the malware cannot function. That should be Microsoft's prime concern and main focus of effort. It's nice that they want to help clear up the mess (albeit more than 20 years late), but there are plenty of others who can do that at least as effectively; only Microsoft can do anything about Microsoft's software, because they don't let anyone else touch it.

  20. d3rrial

    Great Opportunity

    Next Microsoft only have to say that most malware infections come from Google search results and they want the google.com domain.. Then they can just redirect it to 'bing' and get more than 2 people using their search engine!

    1. Anthony Hegedus Silver badge

      Re: Great Opportunity

      What utter crap! You mean to say there are two people using their search engine? What search engine anyway???

  21. Anonymous Coward
    Anonymous Coward

    Oh FFS

    I somehow doubt that NO-IP knew nothing about this, more like they did bugger all when notified (oh but we are only providing a DNS lookup it's not our problem)

    Seems Cisco didn't get much response in the past and I wonder how many other companies have had the same members of the NO-IP rapid response unit respond to them?

    Perhaps MS went in with a big stick, but sure as hell enough people complain when nobody takes any action.

    Of course if it had been somebody connected with a Linux distribution nobody would have minded.

  22. Stretch

    Surely this is then precedent for MS to take over every single TLD that ever had a subdomain containing any trademark of theirs?

    How exactly do they appoint judges over there in crazyland anyway? Raffle at church on Sunday?

    1. d3rrial

      Unfortunately I don't know the validity of this article but look here for a nice precedent:

      http://www.timesofisrael.com/israeli-us-terror-victims-now-own-irans-internet

      1. Anonymous Coward
        Mushroom

        oh fun

        To take it one step further, using Microsoft's latest fucked-up reasoning, Why stop at the domain level when you can simply seize the TLD? Anyone want to make a bid on .com? What about .net? .us, anyone? Weren't they trying to do this with .cc several years ago?

  23. David 18

    Those repulsive, putrid, moronic cretins at Microsoft have really gone too far this time. I am unaffected by most malware because I avoid Windows as much as possible.

    Now I find that because of their high-handed actions and inability to cope with large volumes of traffic I cannot connect to my home server to do what I need to do for work.

    Just who the hell do those F###ing ####-guzzling ###ts think they are!

    1. Richard Plinston

      > I avoid Windows as much as possible.

      > I cannot connect to my home server

      Job done!!

  24. Anonymous Coward
    Anonymous Coward

    Fucked

    Some of my customers are using no-ip services for their SBS servers at home. This has worked for years and years and years. And now today, it isn't.

    Thanks, Microsoft.

    1. Anonymous Coward
      Anonymous Coward

      Re: Fucked

      Try and leave a comment on their blog article, and it says the comment requires "moderation" -- yeah, fat chance of that appearing then

      1. SimonB

        Re: Fucked

        You need to make sure you email the author of one of the blogs too (link on the right hand side) asking when service will be restored:

        http://blogs.technet.com/b/microsoft_blog/archive/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption.aspx

        And also send feedback to this blog:

        http://blogs.technet.com/b/security/archive/2014/06/30/microsoft-takes-legal-action-to-fight-malware-bladabindi-and-jenxcus.aspx

        1. Ben Tasker

          Re: Fucked

          "You need to make sure you email the author of one of the blogs too (link on the right hand side) asking when service will be restored:"

          Yup, Mr Boscovich was indeed included in the recipient list.

          Have ignored the temptation to add a comment to either post though, generally companies are less willing to just cough up if they feel you've gone out of your way to publicise/publicly deride the issue.

          "Don't send it directly. First contact your law firm (if you don't have one I recommend Dewey, Suem, and Howe) and have them send the bill as an attachment to an official letter."

          When I send 'gimme-money' letters (not that it's that regular), I tend to give a 14 day period to resolve it before I bother the lawyers. Works for the most part (I've got a success rate of 98%, though I suspect MS will drag that down shortly), especially if I have the good sense to proofread and make sure I've not dropped a bollock somewhere in what I've written.

          Slightly different if I was responding to a similar letter though, that'd always get looked over by a lawyer from the outset.

          1. Tom 13
            Thumb Up

            Re: I tend to give a 14 day period to resolve it

            Under most circumstances I heartily approve of your standard practice. It is only because of the egregious nature of this particular incident that I went directly to the lawyers.

    2. Ben Tasker

      Re: Fucked

      I figured I'd send MS an invoice for the time I've spent fixing the resulting issues, given that as a third party not covered/protected by my contract with NOIP, they've become the de-facto service provider and fucked everything up through sheer incompetence

      1. Tom 13

        Re: Fucked

        If I might suggest?

        Don't send it directly. First contact your law firm (if you don't have one I recommend Dewey, Suem, and Howe) and have them send the bill as an attachment to an official letter.

  25. Anonymous Coward
    Anonymous Coward

    Payback

    I stay out of the OS war flame threads on The Register but this has me incensed, I have a preference for Linux but use MS wares for work and actually think some of their stuff is OK.

    I am an innocent caught in the crossfire, along with many others. MS needs to get the legitimate requests passing through now or get what they deserve. This whole thing stinks of corruption.

    Let's hope some of the darker side really go to town on Microsoft's websites, there are probably enough people with the skills that might now have the inclination that didn't previously. As far as I am concerned MS has broken the law, forget the toy pretend law that they sell in America, but here in the free world.

  26. slack

    Add me to the list of people burned by this today. Unreal.

    Years of happily toddling along with no-ip and then out of the blue I get zapped by MS through no fault of my own. Screw them.

  27. Tom 13

    One other suggestion for NoIP users

    In addition to suing the pants off MS, drop a tenner in the mail to NoIP. Maybe they could use some additional staff. It certainly sounds like a lot of you are getting at least a tenner's worth of service from them.

    1. Anonymous Coward
      Anonymous Coward

      Re: One other suggestion for NoIP users

      They already got my money, as I paid for a NoIP address which I use for a VPN tunnel (since VPN certificates are tied specifically to domain).

  28. Marshalex

    Thanks Microsoft

    That is all, no remote access to any of my (ironically) System Center Dev environment remotely today. What a bunch of jokers. I would imagine a class action won't be too far away after this.

    I wonder if next time I find a security flaw in a Microsoft product I can go to court with it and claim said product.

  29. PJD

    Collateral damage

    Yup, my mail server 'disappeared' this morning. While I'm out of the country and can't physically access the machine. And it's still happily pulling down mail from external accounts via pop.. Fortunately the ip address the domain was pointing to is still listed in my account details on no-ip's website, so I've been able to connect via the ip address and switch services, but I've just wasted a morning while on an expensive business trip. Good one Microsoft, nice well-targeted action there..

  30. bigtimehustler

    Given this precedent isn't it about time I filed court papers demanding Microsoft hand over all IP related to the Windows Operating system? Given that it is this piece of software the malware is actually operating on and exploiting and Microsoft has consistently been unable or unwilling to prevent it, they should be held negligent and someone else put in control of their software.

  31. Anonymous Coward
    Big Brother

    No-IP should use digitally signed DNS

    I think the kratocracy did well here, the force is much strong here.

    "Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity,"

    'Microsoft accused the DNS biz of acting negligently, and claimed some of the sub-domains contained "Microsoft’s protected marks"'

    No-IP should use digitally signed DNS if they want to avoid being used to spread malware.

    How exactly do they make their money?

    1. ModFodder

      Re: No-IP should use digitally signed DNS

      Really?

      You rant about what no-ip.com should do and then ask what their business does?

      Since Google seems to be out of your reach, I'll explain.

      No-IP.com is a DNS provider who have a portion of their service free to non-commercial use.

      Just like Google has paid services that afford them the ability to offer free services.

      DNSSEC does nothing that prevents some punk from registering a domain name.

      It is a protocol designed to prevent cache poisoning and zone enumeration.

      Basically you have no idea what you are talking about but for some reason this doesn't seem to restrain your urge to let us all know that you don't.

      1. Anonymous Coward
        Big Brother

        Re: No-IP should use digitally signed DNS

        "You rant about what no-ip.com should do"

        It's a public forum, I post my opinions, you don't have to agree with them.

        "and then ask what their business does? Since Google seems to be out of your reach, I'll explain."

        It was easier getting you to do it for me.

  32. Anonymous Coward
    Anonymous Coward

    Make a nuisance of ourselves?

    Seems to me that if all affected email, tweet, use facebook to contact Micro$oft they might do something.

  33. Nuno trancoso

    They (owners of No-IP) should think of getting a class action suit started on behalf of all their affected customers (paying and otherwise).

    I'd suck up if the judge had ordered said subdomains taken down and accounts blocked, but handing over the whole shebang to M$? Ludicrous at best, abuse at worst.

  34. RTNavy

    Iraq Civil War--Using No-IP DDNS to spread malware

    Just take a look at a story where the use of DDNS and No-IP is being used specifically for "bad" http://www.theregister.co.uk/2014/07/01/iraq_civil_war_malware/

  35. colinm

    Manual lookup howto

    You can manually look up your dynamic IP by specifically querying noip's DNS servers, e.g.

    $ dig hostname @nf1.no-ip.com (or nf2, nf3, nf4 or nf5)
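The lookup described in the comment above, looped over all five name servers it lists, as an added example that is not part of the original comment. The function names are hypothetical, the hostname is whatever you pass in, and the script assumes `dig` is installed.

```shell
#!/bin/sh
# Added example: ask each No-IP name server named in the comment
# (nf1..nf5.no-ip.com) directly for a host's A record, so the answer does
# not depend on the delegation of the parent domain.

NOIP_SERVERS="nf1.no-ip.com nf2.no-ip.com nf3.no-ip.com nf4.no-ip.com nf5.no-ip.com"

# is_ipv4 ADDR: succeed only if ADDR is a dotted quad with octets 0-255.
# Rejects CNAME targets and dig's ";; connection timed out" text.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# noip_lookup HOST: print the first valid A record any server returns.
# Returns 1 if no server gave a usable answer.
noip_lookup() {
    host=$1
    for ns in $NOIP_SERVERS; do
        # Short timeout and a single try so a dead server costs ~2 seconds.
        answers=$(dig +short +time=2 +tries=1 A "$host" "@$ns" 2>/dev/null) || continue
        for addr in $answers; do
            if is_ipv4 "$addr"; then
                printf '%s\n' "$addr"
                return 0
            fi
        done
    done
    return 1
}

# noip_hosts_entry HOST: print "ADDR<TAB>HOST" in hosts-file format.
# The address is dynamic, so a pinned entry goes stale; treat it as a
# stopgap and remove it once normal resolution works again.
noip_hosts_entry() {
    addr=$(noip_lookup "$1") || return 1
    printf '%s\t%s\n' "$addr" "$1"
}

# Run only when a hostname is given on the command line.
if [ "$#" -gt 0 ]; then
    noip_hosts_entry "$1" || { echo "no usable answer for $1" >&2; exit 1; }
fi
```

Review the printed line before adding it to a hosts file, and re-run the script if the connection drops, since the address behind a dynamic name changes.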

  36. Anonymous Coward
    Anonymous Coward

    Here's an idea for you Microsoft

    Try fixing your software.

  37. Goat Jam
    Flame

    Optional

    I don't even USE Microsoft crap and STILL they manage to create a nightmare for me. I only just signed up for a noip sub domain after ill-advisedly changing ISPs and neglecting to check that I could get a static IP. My bad, I should have done my homework so I sucked it up and setup dynamic dns.

    TWO DAYS LATER MICROSOFT YANKS THE FUCKING DOMAIN

    H8 H8 H8 H8

  38. ModFodder

    Microsoft's Fallacy of Equivocation

    What Microsoft alleges is that no-ip.com is evil, because it found evidence of evil on a few no-ip.com subdomains.

    Because spammers, scammers, crackers and trolls NEVER use Hotmail.com.

    Bottom feeders use whatever resources present themselves including Microsoft's own services.

    A DNS service isn't even passing questionable data traffic, it's just pointing to the IP that is.

    This is similar to shooting all persons with the surname Jones, because someone named Jones pulled a gun.

    The judge who thought this made sense doesn't belong on the bench.

    1. Jamie Jones Silver badge
      Joke

      Re: Microsoft's Fallacy of Equivocation

      " This is similar to shooting all persons with the surname Jones, because someone named Jones pulled a gun."

      Oy! Don't give them ideas!

      *hmmf*

    2. Whiskers

      Legalistic spin

      I suspect that the lawyers made much of their allegation that some of the sub-domain names resembled Microsoft trade-marks (and were thus "stolen" from Microsoft) and their assertion that No-IP were damaging Microsoft and Microsoft's customers - either on purpose or by incompetence. That would tend to make a judge sympathetic to Microsoft's request that certain domain names should be handed over to them.

      If No-IP were not represented in court or had failed to lodge a written response to Microsoft's complaint (for whatever reason), the court may have had no option but give Microsoft everything they asked for.

  39. Jamie Jones Silver badge

    The irony...

    MS attack a third party to halt something caused by bugs in *their* software.....

    1. rizb
      WTF?

      Re: The irony...

      As I understand it, it's to defeat a bot net created through use of Trojans.

      Are you suggesting that allowing a user the ability to install software which communicates over the internet is a bug?

      How do you reconcile this suggestion with other hate-cries about Internet Explorer since it would inevitably mean that you literally could not install any other browser (or mail client or utility)?

      1. Jamie Jones Silver badge
        Happy

        Re: The irony...

        "As I understand it, it's to defeat a bot net created through use of Trojans.

        Are you suggesting that allowing a user the ability to install software which communicates over the internet is a bug?"

        Hah! Not at all, and if this is solely due to users intentionally installing software, I withdraw my comment.

        However, how many of these are 'advertised' as programs that require specific installing as such, and how much are exe's masquerading as PDFs etc.?

        How many grant themselves the right to auto-start without the user's knowledge?

        "How do you reconcile this suggestion with other hate-cries about Internet Explorer since it would inevitably mean that you literally could not install any other browser (or mail client or utility)."

        But that was never my suggestion.... Getting dangerously close to a strawman argument here!

  40. ModFodder

    @ RTNavy

    So, by this you mean to say that Iraq is an ubiquitous population and that the actions of a few people reflect upon an entire population... and that therefore all users of no-ip.com then are guilty of the actions of that group by virtue of their using no-ip.com's services...

    What about the email services they also used?

    Should hotmail.com be included in that fallacy of composition?

    Should Microsoft be held responsible because the malware was written to exploit Windows code?

  41. hayzoos

    How many of the innocent No-IP customers are Microsoft customers and how many former Microsoft customers? Statistically, most of them. Good customer relations there MS. Am I surprised? Not! Some just excel shooting thyself in the foot, then appearing to be the hero.

  42. Anonymous Coward
    Anonymous Coward

    Microsoft Security Blog

    I see there are no comments on the Microsoft security blog, strange that.

  43. Anonymous Coward
    Anonymous Coward

    WTF

    Microsoft have just demonstrated that they actually don't know everything about everything.

    David Finn has the front to say that they are sorry for the inconvenience to legitimate No-IP clients, of which I am a paying one, rather than a freebie one, and that they have resolved the issues and everything is OK. What f'ing planet is this guy on? He should check the facts before making such a stupid statement...

    The first I knew of this was when my FTP server didn't get any datafeeds from suppliers which impacts my business - also my emails stopped working. I couldn't RDP onto my remote Exchange server to see what was going on... it was only when I realised that 3 servers couldn't have all simultaneously failed that I started looking at DNS and then saw what David Finn had done to me.

    So two days later, contrary to MS's spokesperson insisting all is dandy, I still have no routing via No-IP services.

    So I have had to set up new DNS forwarding, using a new company, notify 22 suppliers that they need to update my stock feed FTP address, reset MX records for mail and wait 24 hours for the whole thing to propagate.

    In short with time and expense this has probably cost me £500 - not a great deal, but multiply this by 4 million - the cost of this cock up could be millions and millions of pounds globally. What's the address for us all to join a global law suit for compensation?

    At this moment mine is still not working and I have had to write to No-IP asking for a refund as I can't see an end to this and have had to move away from them and switching back will mean another 24-48 hours of downtime.

    I feel really sorry for the guys at No-IP as I have used them for over 7 years and they have always been great - but I reckon bully boy tactics from MS might be the end of them :(

  44. Juan Tamad

    Fscked

    Microsoft is now hijacking domains

    So what will happen to those emails attached to domains?

    It is not only for name hosting but also for mail mx

  45. Juan Tamad

    So does this mean that Microsoft can now get all traffic from those domains since they are now allowed to take over those hostnames?

  46. roger stillick
    Coat

    MS, IPv4, n Azure... not the problem = Internet providers w/ DNS servers are the bad guys...

    Current paradigm of everything having a static IP address assumes IPv6 addresses...

    MS, Azure, n ElCheepo Internet providers use IPv4 w/ DNS servers (in-house or NOT)...

    IMHO = Eventually, the only folks not using IPv6 will be MS folks n Bot-net wranglers... a little maturity by the MS folks could go a long way (use IPv6 service providers - only).

    SW users could make this a non-issue (or just use different provider / SW)... that questionable IPv4 DNS server would not be in the loop at all, anywhere...RS.
