Microsoft and No-IP reach settlement over malware takedown

Microsoft and No-IP reach settlement over malware takedown

No-IP and MicrosoftMicrosoft has reached a settlement with domain provider No-IP less than two weeks after it grabbed 23 internet domain names from the Reno, Nevada company.

Microsoft had filed a civil suit against No-IP’s parent company Vitalwerks Internet Solutions on June 30 for its role in hosting malware that affected millions of PCs.

As part of its efforts to disrupt malware known as Bladabindi and Jenxcus, Microsoft took control of 23 domains which had, according to Vitalwerks, the unfortunate side effect of knocking out 1.8 million customer sites and over 5 million hostnames.

Now, according to an updated statement, echoed by Vitalwerks, Microsoft says it has reached a settlement:

Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks' services.

Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware.

The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.

Microsoft also recognised that a significant number of Vitalwerks’ customers had been affected for which it apologised, saying it “regrets any inconvenience these customers may have experienced.”

Despite the settlement between the two companies, the exact details of which have not been disclosed, Vitalwerks later took to its blog to have a dig at Microsoft, saying:

Microsoft suspected some of our customers were abusing our service for malicious purposes. However, instead of reporting the malicious activity to our abuse department or law enforcement, Microsoft decided to secretly sue us in civil court.

No-IP also claims that Microsoft’s decision to file an ex parte restraining order made it impossible for the company to know about the malicious activity or to offer help in stopping it.

The company further claims that, had Microsoft furnished it with evidence of abuse, it would have been able to quickly validate the claims and take the appropriate action required to disable the malicious accounts:

This entire situation could have been avoided if only Microsoft had followed industry standards. A quick email or call to the No-IP abuse team would have removed the abusive hostnames from the No-IP network.

As with any argument, picking sides can often be difficult, especially for those on the outside looking in.

When Naked Security recently asked you for your views, we saw a fairly even split between those of you who thought Microsoft and the court had overreached (54%) and those of you who believe that the action taken was appropriate (46%).

No IP - Microsoft poll

Such a response makes me feel a whole lot better about sitting firmly on top of the fence with one leg dangling either side: whilst I think that No-IP is making all the right noises, and saying what it wants its customers to hear, I can’t help but think that it should have had its house in order long before Microsoft felt the need to get involved.

I also find it curious that the company has offered nothing in the way of an explanation as to why its service was being used in a manner that is against its own terms of service.

On the other hand, Microsoft’s response was arguably very heavy handed as the company took a machete into the operating theatre when a scalpel would have been far more appropriate.

Ironically, such an approach has probably ruled out similar operations in the future, irrespective of whether Microsoft turns up with a hatchet or a master surgeon.

With No-IP finishing its latest blog post by saying,

We hope that Microsoft learned a lesson from this debacle and that in the future they will not seize other companies domains and will use appropriate channels to report abuse.

…I do wonder whether free DNS services could also learn a thing or two from this case?