When Microsoft seized control of 23 free domain names usually controlled by dynamic DNS service No-IP on Monday, it disrupted malware networks used by cybercriminals to infect victims with NJrat and NJw0rm backdoors, as well as some APT operations.
Unfortunately, it also affected a great number of legitimate users, many of whom have taken to Twitter to protest Microsoft’s officious interference.
“Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors,” No-IP marketing manager Natalie Goguen stated yesterday.
David Finn, Executive Director and Associate General Counsel, Digital Crimes Unit, apologised and explained: “Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”
“Services were not restored at 6am, in fact they are still not up at this moment,” Goguen responded. “At 6am, they seemed to make a change to forward on the good traffic, but it didn’t do anything. Although they seem to be trying to take corrective measures, DNS is hard, and they don’t seem to be very good at it.”
She also advised affected users to create a new hostname on a domain that has not been seized by Microsoft: ddns.net, webhop.me, serveminecraft.net, ddnsking.com, and onthewifi.com.
“We apologize for this outage. At this point it is completely out of our hands, but please understand that we are fighting for you,” she added.
The security community is divided in its opinion on whether Microsoft’s move was a good idea. While everybody thinks it’s laudable that Microsoft is fighting malware and the criminals who wield it, many find it worrying that Microsoft has been allowed to take over part of another company’s infrastructure.
“It’s a crazy world where one corporation can decide that another one isn’t doing its job good enough and then simply get legal backing for taking the services of that company down,” commented Andreas Lindh, security analyst at I Secure Sweden. “If not being ‘good enough’ at security on some ad-hoc scale is enough for being taken down, lots of people should have been shut down a long time ago, including Microsoft back in the day.”