Continuing its crusade against global cybercrime, Microsoft filed a civil case against a U.S. company, No-IP.com, and was granted control of 22 domains run by No-IP.com. Microsoft said that Vitalwerks Internet Solutions, LLC (doing business as No-IP.com) has been creating, controlling, and assisting in infecting millions of computers with malicious software.
This activity has harmed Microsoft, its customers and the public at large, said Microsoft. Apart from No-IP.com, Microsoft has also named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, for their alleged role in spreading cybercrimes.
Domains of No-IP.com may have been compromised
Microsoft alleged that cybercriminals were using the domains of No-IP.com to manage and distribute malware, and said that they are using them to infect computers with the Bladabindi (NJrat) and Jenxcus (NJw0rm) families of malware.
Sounding a note of caution against free Dynamic DNS providers, Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit, wrote on the company’s blog:
“Dynamic Domain Name Service (DNS) is essentially a method of automatically updating a listing in the Internet’s address book, and is a vital part of the Internet. However, if not properly managed, a free Dynamic DNS service like No-IP can hold top-rank among abused domains. Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains.”
Microsoft said that it would monitor the 22 free No-IP domains, identifying and routing all known bad traffic to the Microsoft sinkhole and classifying the identified threats. The information would then be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Computer Emergency Response Teams (CERTs) to help repair the damage caused by Bladabindi-Jenxcus and other types of malware.
Update: David Finn, Executive Director and Associate General Counsel of Microsoft’s Digital Crimes Unit, sent an email stating that, due to a technical error, some customers whose devices were not infected by the malware have experienced a temporary loss of service.
Meanwhile, the free Dynamic DNS provider No-IP.com has formally replied to Microsoft’s action, saying that Microsoft never contacted them even though they were open to any line of communication. “Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users,” said No-IP.com on their website.