Microsoft and No-IP reach settlement over malware takedown

Microsoft has reached a settlement with domain provider No-IP less than two weeks after it grabbed 23 internet domain names from the Reno, Nevada company.

Microsoft had filed a civil suit against No-IP's parent company Vitalwerks Internet Solutions on June 30 for its role in hosting malware that affected millions of PCs.

As part of its efforts to disrupt malware known as Bladabindi and Jenxcus, Microsoft took control of 23 No-IP.com domains which had, according to Vitalwerks, the unfortunate side effect of knocking out 1.8 million customer sites and over 5 million hostnames.

Now, according to an updated statement, echoed by Vitalwerks, Microsoft says it has reached a settlement:

Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks' services.

Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware.

The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.

Microsoft also recognised that a significant number of Vitalwerks' customers had been affected, for which it apologised, saying it "regrets any inconvenience these customers may have experienced."

Despite the settlement between the two companies, the exact details of which have not been disclosed, Vitalwerks later took to its blog to have a dig at Microsoft, saying:

Microsoft suspected some of our customers were abusing our service for malicious purposes. However, instead of reporting the malicious activity to our abuse department or law enforcement, Microsoft decided to secretly sue us in civil court.

No-IP also claims that Microsoft's decision to file an ex parte restraining order made it impossible for the company to know about the malicious activity or to offer help in stopping it.

The company further claims that, had Microsoft furnished it with evidence of abuse, it would have been able to quickly validate the claims and take the appropriate action required to disable the malicious accounts:

This entire situation could have been avoided if only Microsoft had followed industry standards. A quick email or call to the No-IP abuse team would have removed the abusive hostnames from the No-IP network.

As with any argument, picking sides can often be difficult, especially for those on the outside looking in.

When Naked Security recently asked you for your views, we saw a fairly even split between those of you who thought Microsoft and the court had overreached (54%) and those of you who believe that the action taken was appropriate (46%).

Such a response makes me feel a whole lot better about sitting firmly on top of the fence with one leg dangling either side: whilst I think that No-IP is making all the right noises, and saying what it wants its customers to hear, I can't help but think that it should have had its house in order long before Microsoft felt the need to get involved.

I also find it curious that the company has offered nothing in the way of an explanation as to why its service was being used in a manner that is against its own terms of service.

On the other hand, Microsoft's response was arguably very heavy-handed, as the company took a machete into the operating theatre when a scalpel would have been far more appropriate.

Ironically, such an approach has probably ruled out similar operations in the future, irrespective of whether Microsoft turns up with a hatchet or a master surgeon.

With No-IP finishing its latest blog post by saying,

We hope that Microsoft learned a lesson from this debacle and that in the future they will not seize other companies' domains and will use appropriate channels to report abuse.

...I do wonder whether free DNS services could also learn a thing or two from this case?


4 Responses to Microsoft and No-IP reach settlement over malware takedown

  1. JR · 102 days ago

    Again I ask, why does Microsoft have standing to even ask to take over domains from another company... and what sort of judge allows this? It's as if the Justice Department has deputized Microsoft. Just bizarre.

    • johnc · 102 days ago

      I agree. Who made Microsoft or any other private enterprise the internet police? Law enforcement has to be left to those accountable to the public through elections or elected officials not to internet vigilantes.

  2. clifford cuellar · 102 days ago

    What right does Microsquash have to be judge, jury, and executioner? It would seem that MS has two different rule sets. Responsible error reporting for MS flaws and this draconian measure for other sites. Yes No-IP had a serious problem, but MS should have followed their own protocol and contacted No-IP about a possible fix before taking such action.

  3. SumGuy · 102 days ago

    Microsoft has a digital crimes division. It would seem as if they have become part of law enforcement. If corps can become law it's only a matter of time before those corps overturn the government.

About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.