Microsoft says it now 'regrets' creating issues for No-IP customers


Microsoft has now issued a formal statement saying it "regrets any inconvenience" to the millions of legitimate website customers of the No-IP domain service as part of Microsoft's plans to shut down two criminal botnets last week.

As part of Microsoft's ongoing campaign against cybercriminals, the company got a court order to redirect traffic on targeted domains hosted by the Nevada-based No-IP to stop online activity generated by the NJrat and Jenxcus botnets.

Unfortunately, those efforts also shut down millions of No-IP's non-criminal website customers, due to a technical error. Today, Microsoft and No-IP's parent company, Vitalwerks, announced a settlement has been reached between the two companies.

In its new statement, Microsoft said that it was "confident" Vitalwerks was unaware that subdomains managed by No-IP were being used by the criminal botnets that Microsoft targeted last week. The statement added:

Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware. In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.

What do you think of this attempt at a apology by Microsoft?

Source: Microsoft



There are 39 comments. Sign in to comment

They're still a more honorable company than Google that's for sure... but that's not saying much.

PeterFnet says:

Unfortunate side effect, but I'm happy to see them being so proactive against malware/viruses/botnets

Novron says:

No, this was the equivalent of an FBI raid on an entire data center to shut down one web-site. It should scare the shit out of you one private company has this kind of power.

WebColin70 says:

No it shouldn't. This is not the government, which would be a whole other story and indeed cause for concern, it's a company taking action to protect the majority of its customers from a small number of criminals. They sued in court, went through all the appropriate channels. No-IP (presumably) could have notified its users that this would happen. No-IP is the party that really should be issuing the apology for their lax security and a business model that invited criminal activity that affects millions of legit users.

Novron says:

No, dumbass, No-IP was never notified. MS had all their traffic stripped and No-IP didn't know what was going on until after it was done.

WebColin70 says:

Sorry for the late reply, just saw your response. What you wrote is clearly false. MS and No-IP were in a long-running dispute over this. I don't know that No-IP knew ahead of time the exact time that this would go into effect, so perhaps you are correct that they didn't know the exact time or day that their users would be affected, but MS only went the court route because No-IP refused to work with them to stop the criminals. No-IP absolutely knew this was or could be coming, even if they didn't know exactly when.

If you are harboring a thief in your basement, and the police come and tell you they want to search your house because they believe he's there, and you so "no, not without a warrant", don't be surprised when they come back with a warrant. That's what No-IP is doing here. And of course they are trying to argue that this is Microsoft's fault -- they need to put the most positive spin on this as possible to try to preserve some customers.

But don't suggest for a moment that Microsoft is the bad guy here. Microsoft did exactly what they should have done: taking steps at their expense to protect their costumers from NO-IP's harboring criminals who hurt us all and degrade the entire Internet with their spam distribution.

a008 says:

same here, I was affected by the "technical error" but I am fine with that.  But paid no-ip users affected by this should receive a small compensation.  Maybe a 10 to 20% discount on their service fee? 

Zippier says:

That's a real apology not an attempt. ???

TechniqS says:

Taking down the botnet was more important IMO. No-IP's business model is just asking for abuse by bad actors.

NIST says:

People get hurt in war. Deal with it.

Novron says:

Glad you feel that way. Remember that when your home becomes collateral damage.

NIST says:

I'm in good hands

I could have a fierce, "Russelian" debate with you on this issue ending in your total intellectual oblivion and destruction. Fortunately for you, I am not in the mood right now.

NIST says:

Fortunately for you, you make me laugh. Dance fool, dance for me.

I keep hearing the Allstate guy in my head when i read this.

dnmartin98 says:

When this headline came through as a notification on my 920 it just said 'WPcentral: Microsoft says it now "Regrets".... I clicked on the link expecting it say something about MS launching the standalone Xbox Music app.....

CombatRock says:


MikeSo says:

I was hoping it would be about the Nokia X line of phones. :)

Jack Janik says:

The title preview made me my mind jump to conclusions that it said "Microsoft says it now Regrets Xbox Music"..

I wish..

rory753 says:

seems faster!

Richard_Indy says:

Seems regretful

xFalk says:

Vitalwerks should have known what was happening on their servers, not having to be told by Microsoft or any other outside entity.  If they had taken the proper due diligence there wouldn't have been any issues with innocent domains.  All fault falls with Vitalwerks.

TechFreak1 says:

Its a tough call, it boils down to this - what is more important privacy or security as Vitalwerks / No-Ip would have to monitor and scan every single packet that flows through their network. This approach is not feasible for any company, if you take into account the cost:benefit ratio as all companies thrive on profit. Without profit they will wither and die. Best way to think of this - a company is a tree, it needs water (profit) and nutrients (customers) to survive.

When 93% of your traffic is botnet malware... you're clearly not even making a token effort at monitoring your network.  Maybe not every packet but I would at the very least do "spot checks" on clients randomly.  Put it in your TOS.  "Due to extreme levels of abuse we will make random checks of traffic to prevent abuse." 

xFalk says:

When a company opens shop in a mall, the mall has a responsibility to the general public to ensure that a store front isn't an illegal operation.  That does not mean they are the police but that they can be held liable for any harm that occurs if they don't make a reasonable effort to identify any prevent.  The same should hold true for any ISP/server provider. They have an obligation to at least put some reasonable effort into identifying and preventing activity occuring on their servers by their customers that may harm the general public.  No one should be able to legally make money off of other peoples illegal activites.... unless they are a lawyer....or Google ;o)

TechFreak1 says:

Looks like I'm not the only one who thought it was about xbox music lol.

Microsoft's action against NO-IP and also the regret for affected genuine customers are acceptable for the sake of our security.

daftrobo says:

An apology? Do people still need that?

misfitpierce says:

I accept the apology lol

Dueydoodah says:

I would not have cared if I were on no-ip as long as they twarted the freaking bots. Justified in my book.

MSFTMatt says:

An outage for a bit to protect against identity and computer fraud for potentially millions of unaware people. I say they should just admit they are sorry for the problem, but not sorry they fought for what's right to correct it. And the users who who effected should be happy that the botnet didn't get worse...