No-IP Domain System Users Return Online After Microsoft Takedown
The legal seizure of domains, and the resulting disruption to legitimate users, will likely define the precedent for future civil actions against companies that seemingly do not do enough to clean their networks.After nearly a week, the last users of the dynamic domain-name system known as No-IP are back online and able to reach their servers through the service, following technical glitches resulting from Microsoft's seizure of 23 domain names belonging to company. Microsoft seized the domains on June 30 without notifying No-IP in an attempt to dismantle cyber-criminals' use of the service to infect and steal data from more than 7.4 million Windows users, the company said. By taking over the 23 domains, Microsoft aimed to filter out malicious traffic and allow legitimate users to access their systems through the dynamics DNS service. Instead, a technical glitch on Microsoft's part resulted in millions of users being disconnected from their systems, according to No-IP. Microsoft worked to reconnect legitimate users, while No-IP argued in Nevada district court to get the domains returned. In the end, both succeeded: All users should have been able to access their systems and accounts on July 4, No-IP said on July 3. "We would like to give you an update and announce that ALL of the 23 domains that were seized by Microsoft on June 30 are now back in our control," the firm stated in a blog post. "Please realize that it may take up to 24 hours for the DNS to fully propagate, but everything should be fully functioning within the next day."
The seizure of the domains represented Microsoft's 10th botnet takedown using a combination of civil and technical actions. Microsoft aimed to disrupt a variety of botnets based on two programs, njRAT and njw0rm, which it refers to Bladabindi and Jenxcus, respectively. Of the domains used by the botnets, 93 percent were hosted on No-IP, according to Microsoft. While some past actions caused conflict with security researchers and small technical problems, the latest takedown caused widespread problems among the legitimate users of No-IP.