Microsoft's anti-malware crusade knackers '4 MILLION' No-IP users

Microsoft has won a court order to gain control of 23 No-IP domains owned by dynamic DNS (DDNS) provider Vitalwerks Internet Solutions. The US software giant claimed the domains were being used by malware developed in the Middle East and Africa. Vitalwerks operates its No-IP DDNS service from Nevada, and there is no suggestion …

  1. Anonymous Coward

    How much will M$ pay me

    I'm affected by your action Microsoft, how much will you pay me in compensation?

    1. Martin-73 Silver badge

      Re: How much will M$ pay me

      I'd say they were in breach of the misuse of computers act here (basically it's a huge denial of service attack). Sue the US legal system, extradite the judge? :D

      1. ModFodder

        Re: How much will M$ pay me

        Rendition the judge to dev/null without a trial

  2. DropBear

    Oh gee...

    ...thanks, Microsoft, for not being able to reach the home box now.

    1. Nathanial Wapcaplet

      Re: Oh gee...

      Worse than that around here - the two local computer shops apparently use NoIP (paid-for services) for their SOHO customers, so hundreds are down.

  3. Anonymous Coward
    Stop

    Let's clear it up...

    "Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains."

    "Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers."

    "Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct"

    Sorry, but No-IP are either a bunch of cowboys, or getting paid a shitload of cash...

    1. petur
      Thumb Down

      Re: Let's clear it up...

      That's all according to Microsoft. No-IP said they weren't contacted.

      So: no conclusions can be drawn until some proof shows up showing they were contacted or not.

    2. Anonymous Coward

      Re: Let's clear it up...

      If malware writers exploited ActiveX in Internet Explorer to download malware and it was the most common form of infection for PCs running IE for certain strains of malware and if Microsoft knew it was happening but kept producing new versions of IE that contained ActiveX with the ability to load on this malware, should Microsoft lose Internet Explorer and it be handed over to a private company, say Netscape to administer?

      Just hypothetical of course?

    3. Ben Tasker

      Re: Let's clear it up...

      Remember it's not No-ip hosting the content either.

      "Despite numerous reports by the security community on No-IP domain abuse"

      I find the structure of this sentence interesting, to me it reads as though it's talking about Papers and articles (reports on), and not reports to No-IP. Given they are just hosting DNS records, without a list of affected subdomains what precisely are they supposed to do?

      1. Whiskers

        Re: Let's clear it up...

        I think the Cisco blog article related to this discussion is here (dated 11th Feb 2014) <http://blogs.cisco.com/security/dynamic-detection-of-malicious-ddns/>. At the time of reading, there are two comments shown - one from No-IP referencing a blog article of their own in response, and inviting contact, and the other from Cisco saying they'll be in touch.

        So No-IP were certainly aware of Cisco's figures and concerns. But we don't know what they were doing about them.

        How long would it take to manually delete sub-domains from a list of (say) 20,000?

    4. ModFodder

      Re: Let's clear it up...

      Because 100% of all systems which fall victim to windows exploits run windows OSs...

      Sounds like a pretty clear-cut impeachment of microsoft.

      We should have MS seized because they facilitate windows exploits by publishing vulnerable OSs?

  4. RyokuMas
    Paris Hilton

    Bet your life...

    ... that if this were some kind of Android malware strain and Google had been handed control of the servers, these comments would have a very different tone...

    1. rizb

      Re: Bet your life...

      Major difference - Google don't give a shit about malware on their platform.

      1. Bladeforce

        Re: Bet your life...

        ..Prob because your definition of malware is probably built up by how malware works within a windows environment yet in a Linux environment malware just isn't in the same league as its windows cousin

        1. Anonymous Coward

          Re: Bet your life...

          "yet in a Linux environment malware just isn't in the same league as its windows cousin"

          You must have missed the arrival of Android.

          1. eulampios
            WTF?

            Re: Bet your life...

            Yes I missed it too, so tell us the stats of how many Android users have willingly installed trojaned apps while 1) allowing to install outside of Google play and 2) having slept through all the obvious warnings presented in the permissions page.

            It would be interesting to compare it with those glorious days of the Loveletter, Conficker, Stuxnet et al

    2. ModFodder

      Re: Bet your life...

      because a fallacy of equivocation seems more reasonable to you if it comes from someone other than Microsoft?

      Software will do nothing more and nothing less than what it is coded to do. If a malware exploits an unintended feature of a software, it means that the fault lies with the intention of the coder who wrote it by failing to frame the function of the code specifically enough.

      Those who exploit such weaknesses in software are annoying but how is that a responsibility of any but the writer of the code being exploited and the writer of the code exploiting it?

      Would you sue your neighbor for owning a car, just because someone else hit you with a car?

      Is membership to the set All People Who Own Cars an attribute which makes all car owners guilty for the actions of one? If you got hit by the car because the driver was doing something stupid, but you weren't watching where you were walking either, shouldn't you share the blame for the consequences?

      Why should your neighbor share any of the consequences just by owning a car?

  5. Mike Taylor

    They might not have been contacted about this specific action, but has anyone else looked at the amount of traffic No-IP were directing according to Cisco at the beginning of the year? Because there certainly was a conversation being had between NG and Cisco

    http://www.noip.com/blog/2014/02/12/cisco-malware-report/

    It would be good to see the evidence that MS laid in front of the court, to get a fuller picture. But I don't think No-IP can say this has come out of the blue

  6. b166er

    Official statement from No-IP here:

    Formal Statement Microsoft Takedown

    It's affecting our webcam this morning :(

  7. Anonymous Coward

    That's like selling the Postal Service....

    ... because criminals are using stamps to send letter bombs

  8. GreyWolf

    Accused of providing composting info to cybercriminals...

    ... We are a website in a rural village in Suffolk where those who compost their own food and green waste keep a record of what weights they have recycled. We hope to demonstrate that doing your own food and green waste recycling is worth the (minor) effort. This is of course exactly what cybercriminals need to know, and Microsoft wish to hush up.

    Our site is unreachable because Microsnot are NOT doing what they said they would - they are not allowing innocent traffic through (or they are too incompetent to do the filtering fast enough, before the timeouts).

    1. Anonymous Coward
      Big Brother

      Re: Accused of providing composting info to cybercriminals...

      > Our site is unreachable because Microsnot are NOT doing what they said they would

      Buy a static IP from your ISP, that's what they're for.

      1. Lost in Cyberspace

        Re: Accused of providing composting info to cybercriminals...

        Static IPs don't work if you move your equipment between connections (e.g a laptop that needs to be accessed remotely), transfers between landline and 3G etc.

        Additionally, I distributed a remote support UVNC-SC app to over 800 clients - using a premium No-IP domain to call in - in case I ever needed to change my static IP (move to a new office, change ISP, work from home etc).

        A static IP doesn't always cut it. Nor does No-IP evidently.

        1. Anonymous Coward
          Big Brother

          Re: Accused of providing composting info to cybercriminals...

          "Static IPs don't work if you move your equipment between connections"

          Relying on a dynamic IP is a bit of a hack for whatever usability you are trying to achieve. It also introduces security issues. According to this, UVNC-SC connects to a reserved IP address, so how do the remote clients know which IP address to allow incoming connections on?

  9. Captain Hogwash
    Flame

    Thank you Microsoft

    Without your help I would not have seen the light. You have shown me how unreliable my Owncloud server is. You have made me aware of the fact that for reliable online services I should choose from the many excellent products available from Microsoft. I am forever in your debt.

    </sarcasm>

  10. Whiskers

    Punishing the victims

    Surely, as Microsoft know so much about this malware and (I hope) know all there is to know about their own operating systems, they are in a position to stop the malware from functioning at all? A court order obliging them to do so would be a lot fairer than one that virtually destroys at least one independent business and interferes with a great many innocent legitimate internet users.

    Why couldn't Microsoft just give their list of dodgy domain names to No-IP and get a court order requiring them to re-direct all traffic to or from them to some disinterested party for forensic analysis? Microsoft are not at all disinterested in this matter.

    1. Anonymous Coward

      Re: Punishing the victims

      "Why couldn't Microsoft just give their list of dodgy domain names to No-IP and get a court order requiring them to re-direct all traffic to or from them to some disinterested party for forensic analysis?"

      To permanently take down a botnet, you need to wipe out all of the C&C infrastructure before the writers can react - and update the system to use new addresses. If No-IP hadn't responded to requests to remove this traffic then Microsoft could have suspected that No-IP might tip off its malware domain customers...

      1. Whiskers

        Re: Punishing the victims

        "To permanently take down a botnet, you need to wipe out all of the C&C infrastructure before the writers can react - and update the system to use new addresses."

        That's one approach. Just as rounding up the wandering cattle is one approach to fence design - but a better fence makes the roundup un-necessary. In this case, the fence was built by Microsoft; No-IP are just one of the neighbours over-run by the strays.

      2. ModFodder

        Re: Punishing the victims

        Which is irrelevant.

        That's indistinguishable from saying, "We ought to turn over control of the internet to microsoft because there are spammers, crackers and trolls. If you were to attempt to remove them from just one service they would just turn it into a game of whack-a-mole."

        Yeah... that.

        Here's an idea.

        Take action against the IP the name resolves to and leave the masses of people just hosting a home website or game server for friends and family the hell out of it.

        By "tip off" the people using a free service that doesn't exactly hold any vested interest for no-ip.com, you must mean that the malware author might become aware that they had been discovered if their account was terminated for violations of ToS? Sorta like microsoft shouldn't be trusted to handle spam on Hotmail.com because they will obviously only warn their "malware customers."

        Let me know when you sort through that head-full of cognitive dissonance and can offer something that doesn't reek of malicious gossip and overt fallacy.

        1. Whiskers

          Re: Punishing the victims

          I do hope that "head-full of cognitive dissonance" clears up soon.

          The only effective cure or prevention of a malware plague, is to design &/or re-design the software being attacked so that the malware cannot function. That should be Microsoft's prime concern and main focus of effort. It's nice that they want to help clear up the mess (albeit more than 20 years late), but there are plenty of others who can do that at least as effectively; only Microsoft can do anything about Microsoft's software, because they don't let anyone else touch it.

  11. d3rrial

    Great Opportunity

    Next Microsoft only have to say that most malware infections come from Google search results and they want the google.com domain.. Then they can just redirect it to 'bing' and get more than 2 people using their search engine!

    1. Anthony Hegedus Silver badge

      Re: Great Opportunity

      What utter crap! You mean to say there are two people using their search engine? What search engine anyway???

  12. Anonymous Coward

    Oh FFS

    I somehow doubt that NO-IP knew nothing about this, more like they did bugger all when notified (oh but we are only providing a DNS lookup it's not our problem)

    Seems Cisco didn't get much response in the past and I wonder how many other companies have had the same members of the NO-IP rapid response unit respond to them?

    Perhaps MS went in with a big stick, but sure as hell enough people complain when nobody takes any action.

    Of course if it had been somebody connected with a linux distribution nobody would have minded.

  13. Stretch

    Surely this is then precedent for MS to take over every single TLD that ever had a subdomain containing any trademark of theirs?

    How exactly do they appoint judges over there in crazyland anyway? Raffle at church on sunday?

    1. d3rrial

      Unfortunately I don't know the validity of this article but look here for a nice precedent:

      http://www.timesofisrael.com/israeli-us-terror-victims-now-own-irans-internet

      1. Anonymous Coward
        Mushroom

        oh fun

        To take it one step further, using Microsoft's latest fucked-up reasoning, Why stop at the domain level when you can simply seize the TLD? Anyone want to make a bid on .com? What about .net? .us, anyone? Weren't they trying to do this with .cc several years ago?

  14. David 18

    Those repulsive, putrid, moronic cretins at Microsoft have really gone too far this time. I am unaffected by most malware because I avoid Windows as much as possible.

    Now I find that because of their high-handed actions and inability to cope with large volumes of traffic I cannot connect to my home server to do what I need to do for work.

    Just who the hell do those F###ing ####-guzzling ###ts think they are!

    1. Richard Plinston

      > I avoid Windows as much as possible.

      > I cannot connect to my home server

      Job done!!

  15. Anonymous Coward

    Fucked

    Some of my customers are using no-ip services for their SBS servers at home. This has worked for years and years and years. And now today, it isn't.

    Thanks, Microsoft.

    1. Anonymous Coward

      Re: Fucked

      Try and leave a comment on their blog article, and it says the comment requires "moderation" -- yeah, fat chance of that appearing then

      1. SimonB

        Re: Fucked

        You need to make sure you email the author of one of the blogs too (link on the right hand side) asking when service will be restored:

        http://blogs.technet.com/b/microsoft_blog/archive/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption.aspx

        And also send feedback to this blog:

        http://blogs.technet.com/b/security/archive/2014/06/30/microsoft-takes-legal-action-to-fight-malware-bladabindi-and-jenxcus.aspx

        1. Ben Tasker

          Re: Fucked

          > You need to make sure you email the author of one of the blogs too (link on the right hand side) asking when service will be restored:

          Yup, Mr Boscovich was indeed included in the recipient list.

          Have ignored the temptation to add a comment to either post though, generally companies are less willing to just cough up if they feel you've gone out of your way to publicise/publicly deride the issue.

          > Don't send it directly. First contact your law firm (if you don't have one I recommend Dewey, Suem, and Howe) and have them send the bill as an attachment to an official letter.

          When I send 'gimme-money' letters (not that it's that regular), I tend to give a 14 day period to resolve it before I bother the lawyers. Works for the most part (I've got a success rate of 98%, though I suspect MS will drag that down shortly), especially if I have the good sense to proof read and make sure I've not dropped a bollock somewhere in what I've written.

          Slightly different if I was responding to a similar letter though, that'd always get looked over by a lawyer from the outset.

          1. Tom 13
            Thumb Up

            Re: I tend to give a 14 day period to resolve it

            Under most circumstances I heartily approve of your standard practice. It is only because of the egregious nature of this particular incident that I went directly to the lawyers.

    2. Ben Tasker

      Re: Fucked

      I figured I'd send MS an invoice for the time I've spent fixing the resulting issues, given that as a third party not covered/protected by my contract with NOIP, they've become the de-facto service provider and fucked everything up through sheer incompetence

      1. Tom 13

        Re: Fucked

        If I might suggest?

        Don't send it directly. First contact your law firm (if you don't have one I recommend Dewey, Suem, and Howe) and have them send the bill as an attachment to an official letter.

  16. Anonymous Coward

    Payback

    I stay out of the OS war flame threads on The Register but this has me incensed, I have a preference for Linux but use MS wares for work and actually think some of their stuff is OK.

    I am an innocent caught in the crossfire, along with many others. MS needs to get the legitimate requests passing through now or get what they deserve. This whole thing stinks of corruption.

    Let's hope some of the darker side really go to town on Microsoft's websites, there are probably enough people with the skills that might now have the inclination that didn't previously. As far as I am concerned MS has broken the law, forget the toy pretend law that they sell in America, but here in the free world.

  17. slack

    Add me to the list of people burned by this today. Unreal.

    Years of happily toddling along with no-ip and then out of the blue I get zapped by MS through no fault of my own. Screw them.

  18. Tom 13

    One other suggestion for NoIP users

    In addition to suing the pants off MS, drop a tenner in the mail to NoIP. Maybe they could use some additional staff. It certainly sounds like a lot of you are getting at least a tenner's worth of service from them.

    1. Anonymous Coward

      Re: One other suggestion for NoIP users

      They already got my money, as I paid for a NoIP address which I use for a VPN tunnel (since VPN certificates are tied specifically to domain).

  19. Marshalex

    Thanks Microsoft

    That is all, no remote access to any of my (ironically) System Center Dev environment remotely today. What a bunch of jokers. I would imagine a class action won't be too far away after this.

    I wonder if next time I find a security flaw in a microsoft product I can go to court with it and claim said product.
