No-IP, the dynamic DNS provider that was subject to Microsoft’s court-ordered domain seizure, regained control of all property it lost to a Redmond sinkhole on Monday.
Microsoft’s hold on 23 domains from No-IP, as part of its court-sanction effort to take down a serious malware threat, appears to have come to an end.
“We would like to give you an update and announce that all of the 23 domains that were seized by Microsoft on June 30 are now back in our control.
"Please realise that it may take up to 24 hours for the DNS to fully propagate, but everything should be fully functioning within the next day,” No-IP spokesperson Natalie Goguen said.
Microsoft seized control over the core of No-IP’s free dynamic DNS offering on Monday, after a US court granted Microsoft the authority to redirect traffic on domains to its own server in order to stop two pieces of malware known as NJrat and Jenxcus botnets.
The criminals responsible for the malware families were said to be using No-IP as control centre infrastructure for botnets built upon millions of PCs that had been infected by the malware families over the past year.
Microsoft’s action was reportedly responsible for around 4 million websites becoming unreachable, however the company’s order identified 22,000 individual domain names alleged to have been used to distributed malware.
To secure the court’s endorsement of is action, Microsoft claimed No-IP didn't respond to claims that its service was being used to distribute malware. However, No-IP has said that it wasn't approached by Microsoft prior to Monday’s seizure.
On Tuesday, Microsoft admitted a technical error meant that its action affected more of No-IP’s customers than it had intended but that it resolved the issue. No-IP disagreed with this.
Yesterday, No-IP said that it regained control over 18 of 23 domains that Microsoft had seized and was waiting for Public Interest Registry, which controls all ".org" top-level domains, to make the rest of the company's domains available.
It’s not clear why No-IP regained control over its domains, however the company appears to have achieved it through negotiating with Microsoft.
David Finn, executive director and associate general counsel of Microsoft’s Digital Crimes Unit said in a statement that Microsoft was “pleased at the progress” its made in discussions with No-IP.
“They have regained control of their domains, and we are reviewing the malicious subdomains to identify the victims of the malware,” said Finn.
While Microsoft has been widely criticised for its handling of the incident, its action has been credited for destabilising several online threat groups, including the troublesome Syrian Electronic Army (SEA).
Researchers at Russian security firm Kaspersky claimed that Microsoft’s action made a dint on a quarter of the attack groups it had been tracking, including SEA.