
Microsoft's takedown of No-IP pushes innocents into the crossfire

Steve Ragan | July 2, 2014
Four million domains have been shut down, despite the fact that Microsoft only wants 18,472 of them.


On Monday, Microsoft said they were taking No-IP (noip.com) to task, "as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware."

The case is Microsoft's latest effort to slow the spread of malware online, but this time innocents are caught in the crossfire. In their move to block malicious traffic, Microsoft has also stopped legitimate traffic on a network used by millions of people.

No-IP lost control over 23 of their domains, the core of their free dynamic DNS offering, after a court in Nevada allowed Microsoft to redirect traffic on them in order to stop the NJrat and Jenxcus botnets. The criminals responsible for the malware families were using No-IP as a means to ensure that infected hosts could always reach the Internet.

"Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains," wrote Richard Domingues Boscovich, Assistant General Counsel for Microsoft Digital Crimes Unit.

"Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn't account for detections by other anti-virus providers. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online."

Microsoft cites reports from OpenDNS, Cisco, FireEye, General Dynamics, and Symantec in their complaint against No-IP, noting that the firms have consistently reported that the dynamic DNS provider has been a haven for criminal activity when it comes to malware.

Microsoft also says that No-IP has failed to take sufficient steps to correct or prevent the abuse to its services, and to keep its domains free of illegal activity.

As such, they requested control over the 23 primary domains that support the free DNS services from No-IP, so that the company could sinkhole the 18,472 malicious domains being used by the criminals.

However, while Redmond said they would filter out the bad traffic and allow normal access to the domains for good traffic (enabling proper DNS resolution), that isn't what's happened.

In a statement, No-IP said that Microsoft's "draconian actions have affected millions of innocent Internet users."

"They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate hostnames associated with a few bad actors."
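The dispute above comes down to how selective sinkholing is supposed to work: Microsoft took over the apex domains, and only the 18,472 hostnames tied to the botnets were meant to be redirected while every other hostname under those apexes kept resolving normally. The following is an added illustration, not code from Microsoft, No-IP or the court filing, of that policy as a resolver-side decision function. The apex names, the blocklisted hostnames, the sinkhole address and the upstream records are all constructed placeholders; the real 23 domains and the 18,472 hostnames are not on this page.

```python
# Added example: a selective sinkhole policy for hostnames under seized
# dynamic-DNS apex domains. Everything below is constructed for illustration;
# it is not Microsoft's, No-IP's or any court-ordered configuration.
from collections import Counter
from enum import Enum


class Action(Enum):
    SINKHOLE = "sinkhole"    # known-bad hostname: answer with the sinkhole address
    RESOLVE = "resolve"      # innocent hostname under a seized apex: resolve normally
    NOT_OURS = "not_ours"    # not under a seized apex: this resolver is not authoritative


# Constructed placeholders standing in for the seized apex domains.
SEIZED_APEXES = {"ddns-example.test", "dyn-example.test"}
# Constructed placeholders standing in for the hostnames named in the complaint.
MALICIOUS_HOSTS = {"c2-alpha.ddns-example.test", "update-srv.dyn-example.test"}
# RFC 5737 documentation address used as the constructed sinkhole target.
SINKHOLE_IP = "192.0.2.1"

# Constructed upstream records for the legitimate hostnames (the "good traffic").
UPSTREAM_RECORDS = {
    "home-cam.ddns-example.test": "203.0.113.10",
    "nas.dyn-example.test": "203.0.113.20",
}


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def _suffixes(labels):
    """Yield every suffix of the name from longest to shortest."""
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def classify(qname: str):
    """Decide what to do with a query name.

    Returns (Action, answer) where answer is the sinkhole IP for SINKHOLE and
    None otherwise. A listed hostname and anything beneath it is sinkholed;
    every other name under a seized apex is resolved normally.
    """
    labels = normalize(qname).split(".")
    apex = next((s for s in _suffixes(labels) if s in SEIZED_APEXES), None)
    if apex is None:
        return Action.NOT_OURS, None
    for suffix in _suffixes(labels):
        if suffix == apex:          # reached the apex without a blocklist hit
            break
        if suffix in MALICIOUS_HOSTS:
            return Action.SINKHOLE, SINKHOLE_IP
    return Action.RESOLVE, None


def resolve_query(qname: str):
    """Full resolver behaviour: sinkhole, pass-through lookup, or refuse."""
    action, answer = classify(qname)
    if action is Action.SINKHOLE:
        return answer
    if action is Action.RESOLVE:
        # None here models NXDOMAIN for an unknown but innocent hostname.
        return UPSTREAM_RECORDS.get(normalize(qname))
    return None  # NOT_OURS: a correctly delegated resolver never sees this


def summarize(qnames):
    """Count actions over a query stream; shows how much legitimate traffic the
    filtering infrastructure must serve to honour a 'filter only the bad' promise."""
    return Counter(classify(q)[0] for q in qnames)


if __name__ == "__main__":
    # Constructed query stream: a few sinkhole hits amid mostly innocent names.
    stream = ["home-cam.ddns-example.test"] * 8 + ["C2-ALPHA.ddns-example.test."] * 2
    print(summarize(stream))
```

The point the statement makes is visible in `summarize`: every query that classifies as `RESOLVE` still has to be answered by whoever now holds the apex, so the sinkhole operator inherits the provider's full legitimate query load, not just the blocklisted fraction.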
