Usr6

No-ip seized by Microsoft


Millions of legitimate servers that rely on dynamic domain name services from No-IP.com suffered outages on Monday after Microsoft seized 22 domain names it said were being abused in malware-related crimes against Windows users.

Microsoft enforced a federal court order making the company the domain IP resolver for the No-IP domains. Microsoft said the objective of the seizure was to identify and reroute traffic associated with two malware families that abused No-IP services. Almost immediately, end-users, some of which were actively involved in Internet security, castigated the move as heavy handed, since there was no evidence No-IP officially sanctioned or actively facilitated the malware campaign, which went by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm).

"By becoming the DNS authority for those free dynamic DNS domains, Microsoft is now effectively in a position of complete control and is now able to dictate their configuration," Claudio Guarnieri, co-founder of Radically Open Security, wrote in an e-mail to Ars Technica. "Microsoft fundamentally swept away No-IP, which has seen parts of its own DNS infrastructure legally taken away."

No-IP was no less critical of the move. In a statement that alleged damage to "millions of innocent users," company officials wrote:

This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.

We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.

Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.

Vitalwerks and No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyberscammers, spammers, and malware distributors. But this heavy handed action by Microsoft benefits no one. We will do our best to resolve this problem quickly.

In a blog post, Richard Domingues, assistant general counsel for the Microsoft digital crimes unit, said Microsoft pursued the seizure for No-IP's role "in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large." He added: "We're taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware."

He went on to say: "As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online."

Dynamic DNS providers are popular because they allow people to obtain a free subdomain—such as dangoodin.no-ip.org—that automatically maps to whatever IP address the user's computer is using at the moment. The mapping changes each time the user's IP address is updated. Such services are especially loved by online gamers and Linux user group members. The services can also be popular with criminals running command and control servers that manage large numbers of infected computers.

According to Domingues, No-IP domains were used 93 percent of the time by Bladabindi and Jenxcus. In the past year alone, the two malware families have been detected by Microsoft more than 7.4 million times, a figure that doesn't include detections by competing anti-malware services. Microsoft has more about the malware here and here.

In a complaint Microsoft filed under seal on June 19, Microsoft attorneys said No-IP is "functioning as a major hub for 245 different types of malware circulating on the Internet." The document said abuse of the service has been the subject of recent blog posts by both OpenDNS and Cisco Systems.

"Although Defendant Vitalwerks is on notice and should be aware that its services are heavily abused, it has failed to take sufficient steps to correct, remedy, or prevent the abuse and to keep its domains free from malicious activity," the attorneys wrote. In addition to naming No-IP, the complaint also charged two men who allegedly used No-IP to work with Bladabindi and Jenxcus control servers. More documents filed in the case are available here.

Monday's seizure was the tenth major malware disruption Microsoft has participated in. The actions typically combine surprise technical and legal procedures that eradicate or significantly disrupt major botnets. Generally, law-abiding Internet users benefit from the actions because they vastly reduce a form of crime that's extremely difficult to combat. The latest action, however, underscores the darker side of these legal procedures, as millions of legitimate users get caught in the crossfire.

Source: Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains | Ars Technica

Edited by Usr6

The people at MS did what they had to do to protect their users, but I wonder under what authority they had the right to do this?

The people at Microsoft are very active in analyzing malware and botnets; I think they have taken down more of them than the FBI, etc. That is exactly what gets them recognized, and in this case the Microsoft people took the data from the logs and the analyses they had done, went nicely to a judge and said "here's the situation"; the judge decided they were right and that was that. If they had no evidence, the judge wouldn't even have looked at them.


no-ip works now (and my address works too), but for many others it is probably still being worked on.

The problem is a different one, though: why didn't MS even try to get in touch with no-ip's representatives before acting the way they did? It seems totally unethical to me. If they had at least talked to no-ip first and failed to reach an agreement, then they could have moved on to action, but not like this: someone shows up acting high and mighty, wrecks your whole business and then tries to patch it up...


> no-ip works now (and my address works too), but for many others it is probably still being worked on.
>
> The problem is a different one, though: why didn't MS even try to get in touch with no-ip's representatives before acting the way they did? It seems totally unethical to me. If they had at least talked to no-ip first and failed to reach an agreement, then they could have moved on to action, but not like this: someone shows up acting high and mighty, wrecks your whole business and then tries to patch it up...

You expect ethics from the guy with the glasses? Nice joke. This company is extremely unscrupulous; I can remind you of the problems that existed on UEFI motherboards when you tried to boot anything other than MS shit, of the reselling problems with MS products... But in the end it's a whole business, so it's about money.


> You expect ethics from the guy with the glasses? Nice joke. This company is extremely unscrupulous; I can remind you of the problems that existed on UEFI motherboards when you tried to boot anything other than MS shit, of the reselling problems with MS products... But in the end it's a whole business, so it's about money.

An "unscrupulous" man who is the biggest donor in the world, a person who plans to donate almost his entire fortune by the end of his life.

Yea, right.


> An "unscrupulous" man who is the biggest donor in the world, a person who plans to donate almost his entire fortune by the end of his life.
>
> Yea, right.

So what? Anyway, given how much aggravation he has caused and how much money he has made, the fact that he donated is something that mostly cleans up his image, in my opinion, and he clearly donated with a purpose. And yes, Windows is crap.


What's so funny, comrade? Come on, you're starting to show off, and still I don't want to get banned because of you. ;)

Because you're a little twerp who hasn't spent more than 10 minutes on Linux; let's see you on Linux hammering out commands and debugging (well, I don't think you're capable of it on Windows either, or that you've ever done it).

You come and say everything is made for Win; yes, commercial stuff like Counter Strike, etc. Name something you can't find on Linux.
