Microsoft has publicly announced a malware crackdown targeting selected domains hosted through the DNS service No-IP. The company is continuing its war against the spread of malware online, but it seems as though innocent web users have been affected by the shut down. Microsoft received the go-ahead from a Nevada court to redirect traffic on targeted domains to stop the NJrat and Jenxcus botnets. These botnets relied on the No-IP framework to remain online and be constantly connected to the internet.
Microsoft notes in an official post over on Tech Net that "research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains". The company shared some alarming numbers, detailing that more than 7.4 million Bladabindi-Jenxcus detections were captured over the past 12 months (excluding those seen by other anti-virus companies).
Check out the infographic below on how cybercriminals leverage services like No-IP.
Citing reports from OpenDNS, Cisco, Symantec and other companies in the complaint against the free DNS provider, Microsoft states that No-IP has consistently ignored warnings provided regarding criminal activity operating on its network, failing to take into account the severity of the situation. Unfortunately, once Microsoft gained control of domains in question, the company's attempts to filter through legitimate traffic failed and innocent users were affected.
In a statement published by No-IP on the provider's blog, it's claimed Microsoft has been unable to cope with the sheer volume of traffic and that the company failed to get in touch with No-IP, noting how already-established communication channels were not utilized. It's a strange move by No-IP to call Microsoft (and other security providers) out on not providing ample reports on detected malware, as well as allowing said practices to take place, since it's hard to imagine such a situation where lack of detail was provided prior to a crackdown.
No-IP ends its statement by reiterating the provider is doing all it can to resolve the situation quickly and restore service to its customers.