Microsoft Seizes Malware Domains
Microsoft’s cybercrime-related seizure of 23 domains from No-IP.com, a Reno, Nev.-based company that provides a popular free dynamic DNS service, is causing outages for millions of legitimate users of the service — and at least one security vendor.
The No-IP.com outages are having an impact on some customers with SonicWall firewalls. SonicWall, which Dell acquired in 2012, supports No-IP.com and other dynamic DNS services in its products.
Hundreds of SonicWall customers began experiencing outages on Monday. Some of these customers are apartment complexes that run security surveillance cameras behind SonicWall firewalls, using No-IP.com’s dynamic DNS service to relay the video feeds.
No-IP.com and other dynamic DNS services are commonly used by remote workers to connect VoIP phones and video cameras to the Internet. Their popularity stems in large part from the fact that purchasing static IP addresses is expensive.
Microsoft has justified its actions by claiming that No-IP.com’s domains have been regularly used in malware attacks against millions of Windows users. And in Microsoft’s view, No-IP.com hasn’t done enough to stop this activity.
Microsoft filed a restraining order against No-IP.com in the U.S. District Court for Nevada on June 19. The court transferred DNS authority over the domains to Microsoft a week later.
Microsoft, which has a well-established track record of using legal means to break up botnets, said No-IP.com bears the brunt of the blame for allowing criminals to use its service for nefarious purposes.
“As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure,” Richard Domingues Boscovich, assistant general counsel in Microsoft’s Digital Crimes Unit, said in a blog post Monday.
“If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online.”
However, in seizing the domains, Microsoft has disrupted service for a large chunk of the dynamic DNS service’s users, No-IP.com said in a statement Monday. The company also claims that Microsoft never reached out to it first before going to the courts. “Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors,” No-IP.com said in the statement.
Security experts applaud Microsoft’s malware-fighting tactics. Big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move. With DNS names black-holed, the botnet essentially becomes useless since it cannot communicate back to its command infrastructure.
Unfortunately, it’s unclear how much of a long-term benefit Microsoft’s latest antimalware actions will have. Malware creators are always developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems.
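The two sides of this story, legitimate cameras and phones that depend on dynamic DNS and malware that churns through throwaway hostnames, can both be surfaced from the same resolver logs. Below is an added example, not code from the article or from No-IP.com or Microsoft, that a network administrator could run over DNS query logs to see which internal hosts rely on dynamic DNS zones (exposure to a takedown like this one) and which hosts resolve unusually many distinct names there (worth a closer look). The log line shape and the zone names are constructed assumptions; the article does not list the seized domains.

```python
import re
from collections import defaultdict

# Assumed: dynamic DNS zones to watch. Placeholder names, not the real seized domains.
DYNDNS_ZONES = ("no-ip.example", "ddns.example", "dyn.example")

# Assumed log line shape (constructed, loosely BIND query-log style):
#   <timestamp> client <ip>#<port>: query: <qname> IN <qtype>
LOG_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")

# Constructed sample log: two camera/VoIP hosts with one pinned name each,
# one host cycling through short random-looking names, one unrelated query.
SAMPLE_LOG = """\
01-Jul-2014 09:00:01 client 10.0.5.20#51234: query: cam-lobby.no-ip.example IN A
01-Jul-2014 09:00:07 client 10.0.5.20#51240: query: cam-lobby.no-ip.example IN A
01-Jul-2014 09:00:09 client 10.0.5.21#40001: query: voip-gw.ddns.example IN A
01-Jul-2014 09:01:02 client 10.0.9.77#33001: query: a1b2.dyn.example IN A
01-Jul-2014 09:01:05 client 10.0.9.77#33002: query: c3d4.dyn.example IN A
01-Jul-2014 09:01:08 client 10.0.9.77#33003: query: e5f6.no-ip.example IN A
01-Jul-2014 09:01:11 client 10.0.9.77#33004: query: g7h8.no-ip.example IN A
01-Jul-2014 09:02:00 client 10.0.5.22#51300: query: www.example.org IN A
"""

def matching_zone(qname):
    """Return the dynamic DNS zone that qname falls under, or None."""
    name = qname.rstrip(".").lower()
    for zone in DYNDNS_ZONES:
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def dyndns_dependencies(log_text):
    """Map each client IP to the set of dynamic DNS hostnames it resolved."""
    deps = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and matching_zone(m.group("qname")):
            deps[m.group("src")].add(m.group("qname").rstrip(".").lower())
    return dict(deps)

def flag_hostname_churn(deps, threshold=3):
    """Clients resolving at least `threshold` distinct dynamic DNS names.
    Legitimate camera or VoIP setups usually pin one or two names."""
    return sorted(src for src, names in deps.items() if len(names) >= threshold)

if __name__ == "__main__":
    deps = dyndns_dependencies(SAMPLE_LOG)
    for src, names in sorted(deps.items()):
        print(f"{src}: {len(names)} dynamic DNS name(s): {sorted(names)}")
    print("review:", flag_hostname_churn(deps))
```

The dependency map answers "who breaks if this zone goes dark"; the churn list is only a triage hint, since a threshold on distinct names will also catch a host that legitimately manages many devices.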
Was Microsoft right in taking this action? Even though they had a court order, did they overstep their bounds? Let us know what you think.