
Microsoft restores control of seized domains to No-IP

After confiscating 22 domains from hosting service No-IP earlier this week, Microsoft has announced today that it has restored control of the seized domains to the hosting provider.

Microsoft took control of 22 of the most popular No-IP domains last week, stating that malware creators were using some of the subdomains to infect millions of machines with malware. Although the software giant received the go-ahead from a court in Nevada, No-IP mentioned that Microsoft failed to communicate the situation clearly with the domain hosting service, which led to over 1.8 million legitimate connections going dark.

With the restoration of the domains, most of the affected connections should be coming back online. No-IP has since stated that users who are still experiencing issues should switch to Google or OpenDNS DNS servers for the time being. The hosting provider has also detailed a workaround on its blog.

Were any of you affected by Microsoft's seizure of No-IP's domains?

Source: No-IP Blog


Comments

There are 48 comments.

umangpop777 says:

No ... Mine was working perfectly

A7500 says:

I didn't even know Microsoft did something.

powerd says:

Who cares about this here?

Shantek says:

Agreed. No relevance to me

eddieDOTexe says:

I do.

This is very unprofessional on their part.

This impression of unprofessionalism on Microsoft's part comes from No-IP's *claim* that MS didn't contact them beforehand. MS, for their part, *claim* they (together with Cisco) have been asking No-IP to get their act together security-wise for a year now. Without knowing more about the story it's hard to tell which one is telling the truth.

What I do know, though, is that the benefits of taking down (or even crippling) a major botnet far outweigh the annoyances of some people not being able to check their nannycams or host Minecraft for a couple of days. The needs of the many outweigh the needs of the few (or in this case, less many), and so on.

And if you have anything more critical (like a business) depending on a *free* DynDNS service, you're doing it wrong.

Also, do keep in mind that MS didn't just do this vigilante-like. They filed an injunction which got approved by a judge, which was then served to No-IP and their DNS providers. So this isn't a case of a megacorporation bullying a small company as so many try to make it look like, it's just another coordinated effort to crack down on global malware, and No-IP just happened to be caught in a crossfire because apparently their free service is a massive malware vector.

Bhawk1990 says:

I do for example. I have been actively using their services for 7 years. Because of this "outage", hundreds of users were unable to use our services.

By the way, malware creators are using the internet to spread their malware, take down the whole internet next time.

felickz says:

If you are doing business with a company that ignores security issues, don't be surprised when someone drops the hammer on them.

Bhawk1990 says:

I've only registered for a host/redirect to give a friendly address instead of an IP for my users.

1: How should I know if that specific company is such ignorant in terms of "spreading malware".
2: As I said, I've been using their service for 7 years already. I had no problems before with them so I am surprised. WPCentral was the first place where I've read about this story.

Time to get a domain...

JoseCortesP says:

7 years ago, and it's now when you realize it's time to buy a domain? WOW

MikeSo says:

I certainly do. I use a No-IP domain to connect to my home security camera and to my home PC using remote desktop, both from my Windows Phone. I was travelling the last two days and was unable to connect to home. Well, I have never said this before, but F**K YOU Microsoft. This was an unbelievably shitty thing to do. I was troubleshooting, reinstalling Remote Desktop etc for a long time. I had no idea what was going on. To find out that Microsoft screwed up my phone's usability... let's just say I have always supported MS with money and good will... in this case they royally messed up.

Will leave a bad taste in my mouth for a long time.

If Google had done this, WP Central would've been in an uproar...

Omoronovo says:

In two days you didn't even bother looking on your no-ip control panel and connecting directly with the ip? Are you serious?

If you have such a reliance on connecting home with your domain, BUY ONE. In the UK, you get two years of a .co.uk domain for £1.99, and similar deals elsewhere. I can't believe someone would put critical "important" services on a free domain redirect and not understand the basic principles of having a plan if the service (which is out of your hands) goes down.

Ridiculous.

MikeSo says:

They aren't critical. They aren't "important". Just really, really annoying that Microsoft behaved like this. Shutting down millions of legitimate users' services in order to get to 0.00008% or so of the abusers, that's crap.

And yes, if this had been Google, this site would have been all over it...

_Emi_ says:

"Citing reports from OpenDNS, Cisco, Symantec and other companies in the complaint against the free DNS provider, Microsoft states that No-IP has consistently ignored warnings provided regarding criminal activity operating on its network, failing to take into account the severity of the situation."

"Microsoft received the go-ahead from a Nevada court to redirect traffic on targeted domains to stop the NJrat and Jenxcus botnets. These botnets relied on the No-IP framework to remain online and be constantly connected to the internet."

next time read something like that please, before showing your stupid and retard words in a comment without first thinking.
do you think Nevada would have told Microsoft to take control of it without any proof and without previous warnings? yea right...
now please again, research and use your brain next time. kthx

MikeSo says:

Hey Emi, fuck off.

Why is one password on the background?

aleunge says:

My service went down. With the harsh email and notification from no-IP, I thought the outage would be longer due to the severity. Glad it's back quite quickly.

MS supposedly didn't give any warnings to no-IP, but it took no-IP almost a day to notify us after the service was out... Got me wondering and troubleshooting.

Mark Kaplan says:

I applaud Microsoft for taking a stand and doing something! Providers need to do more to stem the flow of malware.

Same here. MS have been taking a stand against malware for quite some time now (this is their 10th major botnet takedown, as I've read), but for some reason very few people seem to appreciate this. And now that one of their actions had some unfortunate side effects, everyone is up in arms. Typical reactions I've seen online (with my comments):

  • "Shouldn't someone take down Hotmail/Outlook.com then?" No, because MS have been working very hard on filtering out spam and malware that passes through their servers. The problem (at least according to MS) is that No-IP were neglecting their responsibilities in this regard.
  • "It's Microsoft's own fault for making insecure software." Well, yes, large parts of any botnet are probably running Windows XP and older. That's why MS have released FOUR new, much more secure versions of Windows since then and have done their damndest to get people to upgrade. But of course, those efforts are then met with accusations of corporate greed.
  • "Why should non-MS customers suffer for Windows users?" Because botnets serve malware to other platforms as well, not to mention deliver spam, perform DDoS attacks and more. The takedown of a botnet benefits everyone, not just MS customers.

Of course, hatred and distrust towards Microsoft blinds many people to these logical conclusions and precludes any possibility of giving MS the benefit of doubt. Good to see that at least WPCentral has relatively neutral coverage on this event.

blackprince says:

There is so much reason in this that I want to give you a puppy.

AriesDog says:

The only ones up in arms are the tech press during a slow news cycle.

Nataku4ca says:

Great post, would you mind me copying and pasting when the chance arises?

Not at all, please spread it all you want.

Pich Sovann says:

Future Xbox Music update, The Live Tile
http://oi58.tinypic.com/2conear.jpg

Yes, I lost connection to some remote sites due to the outage. I had no idea what was going on and the only way I found out was here at wpcentral. No-IP eventually sent an email, but that was late in the day. Thank you for posting the story when you did! This is far from "boring news" to people utilizing the service, despite the first few comments above.

Rug says:

I don't use the service, but the Linux lovers of the world over at Ars were quite vocal about this.

wpguy says:

Those of you running your business on dynamic IP, why? (Legitimately want to know why instead of standard static IP service or hosting at an ISP.)

Nataku4ca says:

I'm guessing 1. To save a few bucks or 2. Don't have an IT team on site (which is usually the case)

Reason is quite simple.. In a lot of business areas you can't work with static IPs, mobile workplaces like used in construction companies or the healthcare market as example or if used with "mobile" internet devices. They have no choice, also there are still areas also in the US where it's not possible to get a static IP or a "wired" internet connection.

Also this service is not for free in general, they allow it for free accounts but companies mostly have paid ones and they act and working like any other DNS registrar do and this very stable. For example the downtime rate for no-ip was close to zero, also you should have in mind that we're talking about DNS which is very stable in general.

Also nobody has a problem with law enforcement and to take down botnets, but if you know someone in your street or in a "high" criminal area is doing something wrong; should we shoot them all? Nice

Next point, more important for business... It means that any service in the US is not save incl. services from Microsoft like Azure. It means, if you have a good lawyer you can shutdown and take over everything and do what ever you want. So if a bad guy lives close by your house any "victim" can take over your house without any warning because the "bad guy" could hide there. Do not forget, Microsoft is not a federal Agency; they claimed there Product is a Victim and a private company overtaken the property of an other company without any "public" control. Is this the kind of justice you want? So if you have a Master Card and other bad people are cheating with Master Cards, VISA can say that there product get's an public image damage and can claim all Master Card accounts. Iam exaggerating but only to clearly demonstrate what happens and why a lot of people are not willing to accept this. If you're now in a restaurant and can't pay the bill someone is telling you; bad luck why don't you use a VISA card or have the 200$ on the bill in cash with you. You have to expect that the Master Card do not work...

Also this action was against two Botnet's, what happen to all the other ones incl. these ones using Microsoft Services like outlook.com to communicate and call home? Nothing, should we now close the whole internet?

If Microsoft would work together with the FBI and perform a controlled intervention to take down only the affected domains nobody will say something, fully ok but the way how this was performed is only one thing: Stupid.

"It means that any service in the US is not save incl. services from Microsoft like Azure. It means, if you have a good lawyer you can shutdown and take over everything and do what ever you want."

Well, kind of. You'd need a very good lawyer to be able to take over anything you want. But in general, yes, I imagine even Microsoft's own services aren't "save". It's just that Microsoft are working hard to prevent their services from being massive malware vectors.

More than a good lawyer, though, you need a good reason to take over something. As far as I can see, MS had a good reason to do what they did.

"So if a bad guy lives close by your house any "victim" can take over your house without any warning because the "bad guy" could hide there."

This isn't a case of a "bad guy" living near your house, this is more like dozens of bad guys regularly hanging in your house and using it to sell drugs. Of course that sort of thing is going to attract attention and eventually someone is going to want to do something about it.

"Do not forget, Microsoft is not a federal Agency; they claimed there Product is a Victim and a private company overtaken the property of an other company without any "public" control."

Microsoft didn't overtake any property. They didn't kick down the door at No-IP and steal their servers or whatever it is you think that happened. They didn't even overtake the domains, those still remained the property of No-IP. What happened was that the DNS records of those domains were changed to point to Microsoft's nameservers and the domain registrars were forbidden from changing them back. This enabled Microsoft to control and redirect the traffic to and from those domains, and thus shut down those users that were spreading malware. You know, the job that No-IP was supposed to be doing.

"Iam exaggerating"

Yes, grossly.

"Also this action was against two Botnet's, what happen to all the other ones incl. these ones using Microsoft Services like outlook.com to communicate and call home? Nothing, should we now close the whole internet?"

If you have information about botnets using Outlook.com to communicate, I'm sure Microsoft would very much appreciate learning about it. Also, are you saying that just because there are other botnets out there we shouldn't bother with any of them? That's incredibly short-sighted. The only way any progress can be made against them is by taking them on one by one.

"If Microsoft would work together with the FBI and perform a controlled intervention to take down only the affected domains nobody will say something, fully ok but the way how this was performed is only one thing: Stupid."

MS did take down only the affected domains. That's why this only affected free accounts.

Or if you meant that they should have taken down only affected subdomains, then that would have been both impractical and futile. It's trivial for botnet operators to register new subdomains, and going after those individually would be a pointless game of whack-a-mole. The goal of this operation was to take down the control servers behind the subdomains, and that required being able to redirect the traffic. Whether or not it was successful remains to be seen. I hope it was.

Ok..

Yes, you need a good lawyer.. Just read how Microsoft explains this action to the court, have fun! Because a couple of these statements are not true or massive oversized.

Math: 2-4 Million Domains; i take 3 Million which is the middle way / 22000 Domain = 136 So if 136 people have an house one bad guy is enough. This is not really a bunch, just a simple calculation.

Microsoft did not overtaken there property.. Hmm, the DNS entries were transfered to Microsoft DNS Servers, so if i transfer your money to my bank account i do not take it from you. Ok... DNS Names/Subdomains are there property and there main business. Someone holds the property if he can controll it and this is what happens. Can you provide me your account details please? :-) I like your interpretion of property and i will also not kick down your door; promised!

Botnet and Spambot's are using Outlook like hell, for example spam and scam.. In my blog i got 10 up to 50 registrations per day only from Outlook spambots with verified EMail Accounts, means no fake or no fantasy. Try to commit one account to Microsoft and just see what happens by your own, if you want to make it easy just create a "bad" account by yourself. Have Fun!

Regarding the domains.. If i would be a professional Hacker i would start an own DNS Server hosted in a not controlled country; let me say china (by the way the most hacking attacks are coming from here). Now let me see how you will prevent this.. Also there are several providers working in the same way.. These mentioned hackers (two) from the Arabian don't look to be really professional but ok if you think so.

Iit looks currently like a failed PR campaign against an easy to handle victim (company).

If you thing everything it's fine, Microsoft doesn't look that they share this opinion. If everything was so fine, it doesn't make sense to give back the subdomains/domains incl. a lot of the bad ones. So Microsoft did not take down a bunch of these "bad" domains.. Why?

Oh i forgot.. I've a paid account which was also affected (running bad malware webcams behind it).. What, how could it be following your argumentation it can not be true because it's not a free account. I must have dreamed this like all the other people and companys using no-ip. Only a few "main" domains hold by no-ip wasn't affected, The transfered main domains could hold free AND paid accounts and this messed up the things a little bit. It was not a controlled cut, it was pure sledgehammer action.

"Math: 2-4 Million Domains; i take 3 Million which is the middle way / 22000 Domain = 136 So if 136 people have an house one bad guy is enough. This is not really a bunch, just a simple calculation."

Not sure what exactly you're trying to say with this. Are you again implying that just because there are a lot of botnets out there, it's not worth it to go after any individual one? If that's the case, how is any progress supposed to be made against them?

"Microsoft did not overtaken there property.. Hmm, the DNS entries were transfered to Microsoft DNS Servers, so if i transfer your money to my bank account i do not take it from you. Ok... "

The DNS entries were not transferred, they were changed to point to Microsoft's name servers. Nothing tangible like money was transferred.

Look, I'm not trying to say this somehow didn't affect No-IP's business. Of course it did. But you're arguing over semantics and missing the overall picture.

"Botnet and Spambot's are using Outlook like hell, for example spam and scam."

Ah, you're talking about spam and phishing emails? That's what botnets produce, not how they function. Your original post made it sound like Outlook.com servers were somehow a part of the botnet (quote, "[botnets] using Microsoft Services like outlook.com to communicate and call home"). I guess you misspoke.

Also, shutting down Outlook.com would not affect the botnets because it's not the source of the spam, it's the target. No-IP was part of the source as malware was being served from domains under their control, and (allegedly) not doing anything about it, that's why MS and their partners decided to step in.

If you think the actions taken were unreasonable, consider directing your anger at the judge who approved them.

"Iit looks currently like a failed PR campaign against an easy to handle victim (company)."

What purpose would a PR campaign against No-IP serve? No, wait, that's the wrong question to ask. The real question is, how does what Microsoft are doing even qualify as a PR campaign? Those usually involve information being distributed to the public (which is what the "P" in "PR" stands for), but in this case MS have yet to release any significant information at all, to the point where people are accusing them of being secretive and trying to cover things up. The facts don't seem to support your "failed PR campaign" hypothesis.

Yes, No-IP is a victim here. A victim of botnet operators (and what looks increasingly like their own incompetence).

Also, are you saying that there was actually no real issue here and MS simply lied to the Nevada court and deceived the judge into signing the order? If so, that's a pretty serious accusation. If you have proof, why aren't you making it public? You'd be the hero of the internet. Unless, of course, you actually have no proof whatsoever.

"If you thing everything it's fine, Microsoft doesn't look that they share this opinion. If everything was so fine, it doesn't make sense to give back the subdomains/domains incl. a lot of the bad ones. So Microsoft did not take down a bunch of these "bad" domains.. Why?"

Because they got what they wanted? How do you know they "gave back" the malware-related subdomains? All we know is that they "gave back" the domains themselves, and that most people who were using No-IP's service for legitimate purposes are back in business. What information do you have that says MS "gave back" malicious subdomains?

Also, please re-read what I wrote above. The subdomains themselves weren't the real target because those are easily replaced. The real target were the servers controlling the botnet. If MS managed to get to those, then they had no further reason to keep redirecting the DNS entries.

"Oh i forgot.. I've a paid account which was also affected (running bad malware webcams behind it).. What, how could it be following your argumentation it can not be true because it's not a free account. I must have dreamed this like all the other people and companys using no-ip."

Ah, my mistake then. As far as I know, the list of domains affected hasn't been officially published, so I was going by what people had reported over at Ars Technica.

In any case, my point remains. If MS' operation also affected domains used by paying customers, then presumably those domains were also used for serving malware. Yes, that makes the side effects somewhat more unfortunate, but you can't make an omelette without breaking a few eggs.

Regarding the fact that my full answer will not be accepted as spam by this site and I am not able to add URLs for a more complex documentation I can only say wait until 7/10 (read notice of law from the Nevada court). Here you will also find the full list of affected domains which should be closed and you can use Google (news) to search the results or use other tools to figure out if they're available or not.

In other words, this thing is not finished for Microsoft and I respect your opinion but please allow that I don't share it.

...and just let me ask a last question: Does anyone really believe that Microsoft has rolled back the action incl. the release of a bunch of bad domains which are mentioned in the list and working again (just figure it out by sending a ping) as result of the protest from a couple of Linux guys without any business or legal impact?

cha0sman says:

Not at all. Microsoft had a court order to do the sink. This isn't the first time it was done. In this instant case I am not aware of, but, in the past they would sink the domains and point them to Microsoft's servers which the bots in the botnet would take commands from. Microsoft would broadcast commands to the bots to disable themselves. It has to be done in an all or nothing approach meaning all affected domains or nothing. Otherwise, the botnet master could push a change on the unaffected domains. The release was most definitely a result of a successful operation.
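Added example, not part of the original article or comments: the takedown discussed above worked by changing which nameservers the affected domains were delegated to, so anyone depending on a third-party dynamic DNS zone can compare the zone's NS set against a recorded baseline and see which of their hostnames sit under a re-delegated zone. All zone names, nameserver names and hostnames below are constructed placeholders, and the input is assumed to be `dig +noall +answer NS <zone>` style text.

```python
"""Flag hostnames whose parent zone has been delegated to different nameservers."""
from collections import defaultdict

# Constructed sample data (placeholders, not real zones or nameservers).
BASELINE = """\
ddns-zone.example.   86400 IN NS ns1.provider.example.
ddns-zone.example.   86400 IN NS ns2.provider.example.
other-zone.example.  86400 IN NS ns1.provider.example.
other-zone.example.  86400 IN NS ns2.provider.example.
"""
CURRENT = """\
ddns-zone.example.   86400 IN NS ns1.sinkhole.example.
ddns-zone.example.   86400 IN NS ns2.sinkhole.example.
other-zone.example.  86400 IN NS NS1.Provider.Example.
other-zone.example.  86400 IN NS ns2.provider.example.
"""
HOSTS = [
    "cam.ddns-zone.example",
    "rdp.home.ddns-zone.example",
    "nas.other-zone.example",
    "www.unrelated.example",
]


def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_ns(text):
    """Return {zone: set(nameservers)} from 'owner ttl class type target' lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blanks, comments and short lines
        owner, _ttl, rclass, rtype, target = fields[:5]
        if rclass.upper() == "IN" and rtype.upper() == "NS":
            zones[normalize(owner)].add(normalize(target))
    return dict(zones)


def classify(before, after):
    """Compare two NS sets for the same zone."""
    if before == after:
        return "unchanged"
    if not after:
        return "missing"          # zone no longer returns any NS records
    if before & after:
        return "partial-change"   # some servers swapped, e.g. a provider migration
    return "re-delegated"         # no overlap: someone else now answers for the zone


def enclosing_zone(host, zones):
    """Longest-suffix match of a hostname against the tracked zones."""
    labels = normalize(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def audit(baseline_text, current_text, hosts):
    """Return {host: (status, zone)} for every hostname we depend on."""
    baseline = parse_ns(baseline_text)
    current = parse_ns(current_text)
    report = {}
    for host in hosts:
        zone = enclosing_zone(host, baseline)
        if zone is None:
            report[host] = ("untracked", None)
        else:
            report[host] = (classify(baseline[zone], current.get(zone, set())), zone)
    return report


if __name__ == "__main__":
    for host, (status, zone) in audit(BASELINE, CURRENT, HOSTS).items():
        print(f"{host:30} {status:15} {zone or '-'}")
```

A "re-delegated" result means every answer for hostnames under that zone now comes from servers the original provider does not run, which is the condition commenters here only discovered after hours of troubleshooting.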

MazoMark says:

I lost remote access to my NAS with no explanation on Monday. Wasn't until I saw news about MS action that I knew what was going on.

I see MS attempt to stamp out malware as laudable, but this was like killing a flea with a sledgehammer. You may succeed, but there is going to be collateral damage!

MS should not act as self appointed policeman of the Internet. What's next - convince a judge to shut down all VPN providers because they can be used to hide illegal activity?

MikeSo says:

At least someone here is reasonable.

Steven Curl says:

They've had great success pulling down these botnets with the help of Cisco, Norton and other security firms. no-ip ignoring the issue (allegedly) doesn't mean Microsoft is in the wrong here.

Nataku4ca says:

Well no-IP is claiming MS didn't give them enough info, but MS got court order to take down those domains... In my honest opinion... They probably knew a court order is already being processed and just chose to ignore it, iirc Cisco is involved too so I find it hard to believe that no-IP couldn't just ask for the missing information...

I had tried their proxy services before not worth the time of day

astell says:

MS isn't acting as a self appointed policeman. There are coordinated efforts between MS, other tech companies, and governmental entities. MS just has the know how and resources to do what the 'effort' wants done. Yes, they seem to spearhead the effort.

klose91 says:

Until yesterday I didn't know that this service was existing. But then you read news and comments and everyone was going nuts and bashing against Microsoft. We don't know about contacting each other but Cisco made this year a report about that and this service hasn't done anything to fix the issue, so I can imagine that MS also said something to them and they didn't fix it. So it was logical that something like that will happen. I don't understand why the people aren't pissing off no-ip, since they're the root of the evil. If they had done their job, such drastic move wouldn't be needed. Instead of pissing off Microsoft they should piss off no-ip and those two criminals that used this service to spread spam, malware etc. to the world. Just my 2 cents.

horbeme says:

If MS had a court order it seems to me NO-IP was notified before and ignored the notice, why blame MS? It's the same thing people blame MS for not having all the apps when MS offers to create with their own resources and requiring the company sign off on it (Google) for example. If a company won't do what's asked we should blame the company not MS, the irony is that most companies if not all (correct me if I'm wrong) use MS services on their back end. Funny ain't it

According to ZDNet, this action had a major impact on the Syrian Electronic Army, as well as a number of other online attack groups.

http://www.zdnet.com/microsofts-no-ip-seizure-hit-syrian-electronic-army...

To that I say, good job! Hopefully we'll see an official announcement about the results soon.