Microsoft admits technical error in IP takeover, but No-IP still down

No-IP claims Microsoft doesn't appear to be very good at DNS

Microsoft admitted Tuesday it made a technical error after it commandeered part of an Internet service's network in order to shut down a botnet, but the Nevada-based company says its services are still down.

A federal court in Reno granted Microsoft an ex-parte restraining order that allowed it to take control of 22 domains run by No-IP, a DNS (Domain Name Service) provider owned by Vitalwerks, which was served the order on Monday.

Microsoft alleged the domains were being abused by cybercriminals to manage and distribute malware. It was the tenth time Microsoft has turned to the courts to take sweeping action against botnets, or networks of hacked computers.

Although No-IP was not accused of wrongdoing, Microsoft maintained the company had not done enough to stop abuse on its networks. Microsoft's intention by seizing the domains was to block only the computers using No-IP's services that were being used as part of a botnet.

But "due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service," according to an email statement from David Finn, executive director and associate general counsel of Microsoft's Digital Crimes Unit.

"We regret any inconvenience these customers experienced," Finn wrote via email on Tuesday.

He claimed that No-IP's services were restored at 6 a.m. Pacific Time Tuesday. No-IP spokeswoman Natalie Goguen wrote via email that Microsoft made a technical change on Tuesday to forward legitimate traffic back to No-IP, but "it didn't do anything."

"Although they seem to be trying to take corrective measures, DNS is hard, and they don't seem to be very good at it," she wrote.

When queried, a Microsoft spokeswoman pointed to a tweet by No-IP that said it was under DDoS (distributed denial-of-service) attack. Goguen responded that No-IP's website was under attack but it did not affect its DNS infrastructure.

No-IP provides a free service that allows a customer's domain name to always point back to their computer even if an ISP assigns a different IP address to a computer when it comes online. It does that by offering subdomains for 22 main domain names it owns.

The IP address of a customer's subdomain is updated as the computer's IP address changes. Records in the DNS (Domain Name System) are then updated.

In its civil suit, Microsoft alleged two foreign nationals, Mohamed Benabdellah of Algeria and Naser Al Mutairi of Kuwait, used No-IP's service to facilitate the management of malware that steals sensitive data from people's computers.

No-IP's service "provides computers that move from IP address to IP address a stable domain name for malware-infected computers to contact," according to the lawsuit.

No-IP maintains that it has worked with companies that reported abuse but "unfortunately, Microsoft never contacted us or asked us to block any subdomains," according to a blog post on Monday.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags CriminalMicrosoftsecuritylegalcybercrimeVitalwerks

More about Microsoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts