No-IP, a DNS service company, told its customers on its company blog yesterday that Microsoft has gotten a federal court order seizing 22 of its domain names based on the activity of users on some of the subdomains.
According to arstechnica.com, “Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.”
“In a complaint Microsoft filed under seal on June 19, Microsoft attorneys said No-IP is ‘functioning as a major hub for 245 different types of malware circulating on the Internet.’ The document said abuse of the service has been the subject of recent blog posts by both OpenDNS and Cisco Systems.
“Although Defendant Vitalwerks is on notice and should be aware that its services are heavily abused, it has failed to take sufficient steps to correct, remedy, or prevent the abuse and to keep its domains free from malicious activity,” the attorneys wrote. In addition to naming No-IP, the complaint also charged two men who allegedly used No-IP to work with Bladabindi and Jenxcus control servers. More documents filed in the case are available here.”
According to krebsonsecurity.com, Microsoft, in order to go after 2,000 or so bad sites, has taken down four million.
Here is the blog post from No-IP:
“We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue.”
“This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware.”
“We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us.”
“Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.”
“We have been in contact with Microsoft today.”
“They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve.”
“However, this is not happening.”
“Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.”
“Had Microsoft contacted us, we could and would have taken immediate action.”
“Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.”
Jeff Schneider says
Hello MHB,
The Traffic Turf Wars continue. So are Marketing Strategies Changing to Disrupt The Status Quo? ABSOLUTELY !
Gratefully, Jeff Schneider (Contact Group) (Metal Tiger)
Louise says
Here is a list of some of the offending sub-domains:
It’s like, what point does a business own up to responsibility?
Louise says
Order restored to universe as Microsoft surrenders confiscated No-IP domains
http://arstechnica.com/security/2014/07/order-restored-to-universe-as-microsoft-surrenders-confiscated-no-ip-domains
“Of 23 addresses taken in controversial legal action, 18 have so far been returned”