Microsoft takes down accounts hosted through No-IP in latest malware crackdown

By published

Microsoft has publicly announced a malware crackdown targeting selected domains hosted through the DNS service No-IP. The company is continuing its war against the spread of malware online, but it seems as though innocent web users have been affected by the shut down. Microsoft received the go-ahead from a Nevada court to redirect traffic on targeted domains to stop the NJrat and Jenxcus botnets. These botnets relied on the No-IP framework to remain online and be constantly connected to the internet.

Microsoft notes in an official post (opens in new tab) over on Tech Net that "research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains". The company shared some alarming numbers, detailing that more than 7.4 million Bladabindi-Jenxcus detections were captured over the past 12 months (excluding those seen by other anti-virus companies).

Check out the infographic below on how cybercriminals leverage services like No-IP.

Malware Infographic

Citing reports from OpenDNS, Cisco, Symantec and other companies in the complaint against the free DNS provider, Microsoft states that No-IP has consistently ignored warnings provided regarding criminal activity operating on its network, failing to take into account the severity of the situation. Unfortunately, once Microsoft gained control of domains in question, the company's attempts to filter through legitimate traffic failed and innocent users were affected.

In a statement published by No-IP on the provider's blog, it's claimed Microsoft has been unable to cope with the sheer volume of traffic and that the company failed to get in touch with No-IP, noting how already-established communication channels were not utilized. It's a strange move by No-IP to call Microsoft (and other security providers) out on not providing ample reports on detected malware, as well as allowing said practices to take place, since it's hard to imagine such a situation where lack of detail was provided prior to a crackdown.

No-IP ends its statement by reiterating the provider is doing all it can to resolve the situation quickly and restore service to its customers.

Rich Edmonds
Rich Edmonds

Rich Edmonds is Senior Editor of PC hardware at Windows Central, covering everything related to PC components and NAS. He's been involved in technology for more than a decade and knows a thing or two about the magic inside a PC chassis. You can follow him over on Twitter at @RichEdmonds.
21 Comments
  • Good
  • Well there goes another way around geofence(not that they ever had quick service)
  • That kinda blows. I have used noip in the past and recommended it to some people that I assisted with from a technology perspective.
  • Yeah, I use No-IP, heck I'm a paying customer. Microsoft and the others "solution" they have offered in meaningless blog postings has been to shut down their free dDNS service. Thankfully a Nevada court said , "oooh MS says cyber crime and malwarez, we better listens" and shut it all down. /rolleyes
  • You realize that Microsoft's method has stopped countless worms from spreading across zombie botnets right? There was a good article on it a few years ago. Maybe do a little more research into the whole process, its successes and then make your snide remarks.
  • Your incoherent rant is juvenile. MS do more for ridding the world of Spam and Malware than any of the big 3. If only Google put as much effort into it as MS does. You should shut your pie whole mate. No IP knew exactly what they were harbouring and did nothing (despite warnings) to preven the criminal activity, that makes them complicent in my book. They can stick it up their behinds. You on the other hand need to applaud MS and move your nonsense bit torrent machine to another DNS provider.
  • The amount of spam we get at work through Mimecast originating from GMail accounts is a joke. I wish Google would pay more attention like Microsoft.
  • My dns gone busted to :/Time to use another domain.. Any ideas?
  • Better try something outside of the US before Microsoft decide to shut more down. GJ Microsoft destroying a service millions of people are using to secure 10 people in a botnet. THIS is american style...
  • A 10 person botnet wouldn't even register in there reports. Try 7.4 million. Go do some research on their method and the benefits it has in dealing with these infections, it's pretty interesting stuff.
  • When the vast majority of traffic carried by a service is used by criminals and they have been notified repeatedly and failed to take action even when action was possible then it is reasonable to assume they are somewhat complicit (especially since much of their income would be derived from this criminal activity). I don't feel any sympathy at all for the companies affected and if I were the court I would have probably taken an even stronger stand and found the companies in question liable for damages of some sort if not criminal negligence.
  • Mine is down too, looking for alternatives....
  • I know my computer is completely infected by malware because of the websites I visit.
  • You should probably destroy it and get a new one. It could participate in attacks on websites and other shenanigans.
    Edit: and an uninfected computer is faster.
  • This is only in Nevada? And I'm hoping it doesn't apply across the world...
  • I'm in Portugal and my DNS gone busted to :/
  • Same here. It rendered my work almost useless. I used it for website development.
  • What's this have to do with 1password?
  • I also was surprised to see a logo for 1Password and was worried thinking they are not reliable as I use 1Passwotd to save all my passwords and driving licence etc.
  • Hit em where it hurts, in the pocket. Up yours No-IP. You alledgidly knew _exactly_ what you were doing harbouring these botnet bar stewards. Up yours, and get your house in order, companies like these who turn a blind eye to criminals and trouser money are a stain on the Internet.  
  • Funny since the same company said they have a very open channel with Microsoft executives and were not once consulted. Given that this kind of ruling will likely lead to a slippery slope where it's going to be abused by good big brother, it makes you think whether this is why Microsoft took a preemptive to lambast the governement for what it's been doing as a plausible deniability of sorts. The latter point being especially ironic since microsoft to the initiative to volunteer itself, first in line with the gov'ts exploits