After Microsoft seizure, No-IP regains all 23 domains

No-IP, the dynamic DNS provider that was subject to Microsoft’s court-ordered domain seizure, regained control of all property it lost to a Redmond sinkhole on Monday.

Microsoft’s hold on 23 domains from No-IP, as part of its court-sanctioned effort to take down a serious malware threat, appears to have come to an end.

“We would like to give you an update and announce that all of the 23 domains that were seized by Microsoft on June 30 are now back in our control.

"Please realise that it may take up to 24 hours for the DNS to fully propagate, but everything should be fully functioning within the next day,” No-IP spokesperson Natalie Goguen said.

Microsoft seized control over the core of No-IP’s free dynamic DNS offering on Monday, after a US court granted Microsoft the authority to redirect traffic on domains to its own server in order to stop botnets built on two pieces of malware known as NJrat and Jenxcus.

The criminals responsible for the malware families were said to be using No-IP as control centre infrastructure for botnets built upon millions of PCs that had been infected by the malware families over the past year.

Microsoft’s action was reportedly responsible for around 4 million websites becoming unreachable; however, the company’s order identified 22,000 individual domain names alleged to have been used to distribute malware.

To secure the court’s endorsement of its action, Microsoft claimed No-IP didn't respond to claims that its service was being used to distribute malware. However, No-IP has said that it wasn't approached by Microsoft prior to Monday’s seizure.

On Tuesday, Microsoft admitted that a technical error meant its action affected more of No-IP’s customers than it had intended, but said that it had resolved the issue. No-IP disagreed with this.

Yesterday, No-IP said that it regained control over 18 of 23 domains that Microsoft had seized and was waiting for Public Interest Registry, which controls all ".org" top-level domains, to make the rest of the company's domains available.

It’s not clear why No-IP regained control over its domains; however, the company appears to have achieved it through negotiating with Microsoft.

David Finn, executive director and associate general counsel of Microsoft’s Digital Crimes Unit, said in a statement that Microsoft was “pleased at the progress” it had made in discussions with No-IP.

“They have regained control of their domains, and we are reviewing the malicious subdomains to identify the victims of the malware,” said Finn.

While Microsoft has been widely criticised for its handling of the incident, its action has been credited for destabilising several online threat groups, including the troublesome Syrian Electronic Army (SEA).

Researchers at Russian security firm Kaspersky claimed that Microsoft’s action made a dent in a quarter of the attack groups it had been tracking, including SEA.


Stories by Liam Tung
