Microsoft says it now 'regrets' creating issues for No-IP customers


Microsoft has now issued a formal statement saying it "regrets any inconvenience" to the millions of legitimate website customers of the No-IP domain service as part of Microsoft's plans to shut down two criminal botnets last week.

As part of Microsoft's ongoing campaign against cybercriminals, the company got a court order to redirect traffic on targeted domains hosted by the Nevada-based No-IP to stop online activity generated by the NJrat and Jenxcus botnets.

Unfortunately, those efforts also shut down millions of No-IP's non-criminal website customers, due to a technical error. Today, Microsoft and No-IP's parent company, Vitalwerks, announced a settlement has been reached between the two companies.

In its new statement, Microsoft said that it was "confident" Vitalwerks was unaware that subdomains managed by No-IP were being used by the criminal botnets that Microsoft targeted last week. The statement added:

Microsoft identified malware that had escaped Vitalwerks' detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware. In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.

What do you think of this attempt at a apology by Microsoft?

Source: Microsoft


Reader comments

Microsoft says it now 'regrets' creating issues for No-IP customers


No, this was the equivalent of an FBI raid on an entire data center to shut down one web-site. It should scare the shit out of you one private company has this kind of power.

No it shouldn't. This is not the government, which would be a whole other story and indeed cause for concern, it's a company taking action to protect the majority of its customers from a small number of criminals. They sued in court, went through all the appropriate channels. No-IP (presumably) could have notified its users that this would happen. No-IP is the party that really should be issuing the apology for their lax security and a business model that invited criminal activity that affects millions of legit users.

No, dumbass, No-IP was never notified. MS had all their traffic stripped and No-IP didn't know what was going on until after it was done.

Sorry for the late reply, just saw your response. What you wrote is clearly false. MS and No-IP were in a long-running dispute over this. I don't know that No-IP knew ahead of time the exact time that this would go into effect, so perhaps you are correct that they didn't know the exact time or day that their users would be affected, but MS only went the court route because No-IP refused to work with them to stop the criminals. No-IP absolutely knew this was or could be coming, even if they didn't know exactly when.

If you are harboring a thief in your basement, and the police come and tell you they want to search your house because they believe he's there, and you so "no, not without a warrant", don't be surprised when they come back with a warrant. That's what No-IP is doing here. And of course they are trying to argue that this is Microsoft's fault -- they need to put the most positive spin on this as possible to try to preserve some customers.

But don't suggest for a moment that Microsoft is the bad guy here. Microsoft did exactly what they should have done: taking steps at their expense to protect their costumers from NO-IP's harboring criminals who hurt us all and degrade the entire Internet with their spam distribution.

same here, I was affected by the "technical error" but I am fine with that.  But paid no-ip users affected by this should receive a small compensation.  Maybe a 10 to 20% discount on their service fee? 

Taking down the botnet was more important IMO. No-IP's business model is just asking for abuse by bad actors.

I could have a fierce, "Russelian" debate with you on this issue ending in your total intellectual oblivion and destruction. Fortunately for you, I am not in the mood right now.

When this headline came through as a notification on my 920 it just said 'WPcentral: Microsoft says it now "Regrets".... I clicked on the link expecting it say something about MS launching the standalone Xbox Music app.....

The title preview made me my mind jump to conclusions that it said "Microsoft says it now Regrets Xbox Music"..

I wish..

Vitalwerks should have known what was happening on their servers, not having to be told by Microsoft or any other outside entity.  If they had taken the proper due diligence there wouldn't have been any issues with innocent domains.  All fault falls with Vitalwerks.

Its a tough call, it boils down to this - what is more important privacy or security as Vitalwerks / No-Ip would have to monitor and scan every single packet that flows through their network. This approach is not feasible for any company, if you take into account the cost:benefit ratio as all companies thrive on profit. Without profit they will wither and die. Best way to think of this - a company is a tree, it needs water (profit) and nutrients (customers) to survive.

When 93% of your traffic is botnet malware... you're clearly not even making a token effort at monitoring your network.  Maybe not every packet but I would at the very least do "spot checks" on clients randomly.  Put it in your TOS.  "Due to extreme levels of abuse we will make random checks of traffic to prevent abuse." 

When a company opens shop in a mall, the mall has a responsibility to the general public to ensure that a store front isn't an illegal operation.  That does not mean they are the police but that they can be held liable for any harm that occurs if they don't make a reasonable effort to identify any prevent.  The same should hold true for any ISP/server provider. They have an obligation to at least put some reasonable effort into identifying and preventing activity occuring on their servers by their customers that may harm the general public.  No one should be able to legally make money off of other peoples illegal activites.... unless they are a lawyer....or Google ;o)

Microsoft's action against NO-IP and also the regret for affected genuine customers are acceptable for the sake of our security.

An outage for a bit to protect against identity and computer fraud for potentially millions of unaware people. I say they should just admit they are sorry for the problem, but not sorry they fought for what's right to correct it. And the users who who effected should be happy that the botnet didn't get worse...