After Microsoft seizure, No-IP regains all 23 domains

No-IP, the dynamic DNS provider that was subject to Microsoft’s court-ordered domain seizure, regained control of all property it lost to a Redmond sinkhole on Monday.

Microsoft’s hold on 23 domains from No-IP, as part of its court-sanctioned effort to take down a serious malware threat, appears to have come to an end.

“We would like to give you an update and announce that all of the 23 domains that were seized by Microsoft on June 30 are now back in our control.

"Please realise that it may take up to 24 hours for the DNS to fully propagate, but everything should be fully functioning within the next day,” No-IP spokesperson Natalie Goguen said.

Microsoft seized control over the core of No-IP’s free dynamic DNS offering on Monday, after a US court granted Microsoft the authority to redirect traffic on the domains to its own server in order to stop botnets built on two pieces of malware known as NJrat and Jenxcus.

The criminals responsible for the malware families were said to be using No-IP as control centre infrastructure for botnets built upon millions of PCs that had been infected by the malware families over the past year.

Microsoft’s action was reportedly responsible for around 4 million websites becoming unreachable; however, the company’s order identified 22,000 individual domain names alleged to have been used to distribute malware.

To secure the court’s endorsement of its action, Microsoft claimed No-IP didn't respond to claims that its service was being used to distribute malware. However, No-IP has said that it wasn't approached by Microsoft prior to Monday’s seizure.

On Tuesday, Microsoft admitted that a technical error meant its action affected more of No-IP’s customers than it had intended, but said that it had resolved the issue. No-IP disagreed with this.

Yesterday, No-IP said that it regained control over 18 of 23 domains that Microsoft had seized and was waiting for Public Interest Registry, which controls all ".org" top-level domains, to make the rest of the company's domains available.

It’s not clear why No-IP regained control over its domains; however, the company appears to have achieved it through negotiating with Microsoft.

David Finn, executive director and associate general counsel of Microsoft’s Digital Crimes Unit, said in a statement that Microsoft was “pleased at the progress” it has made in discussions with No-IP.

“They have regained control of their domains, and we are reviewing the malicious subdomains to identify the victims of the malware,” said Finn.

While Microsoft has been widely criticised for its handling of the incident, its action has been credited for destabilising several online threat groups, including the troublesome Syrian Electronic Army (SEA).

Researchers at Russian security firm Kaspersky claimed that Microsoft’s action made a dent in a quarter of the attack groups it had been tracking, including SEA.

Stories by Liam Tung

Latest Videos

More videos

Blog Posts