Microsoft abandons No-IP malware case

Summary: What started as Microsoft warring against botnets ended with Microsoft quietly surrendering as the company drops its case against the dynamic DNS company No-IP.


Microsoft's Digital Crimes Unit started its latest botnet takedown with a bang by taking over 21 high-level domains, but it ended with a whimper as Microsoft dropped its case against the dynamic Domain Name System (DNS) Internet provider No-IP.


Microsoft convinced the US District Court in Nevada in June that Vitalwerks Internet Solutions, under the tradename No-IP, had made it possible for web servers using its services to distribute malware. Specifically, Microsoft claimed that No-IP had allowed sites to spread the Bladabindi and Jenxcus families of malware.

Microsoft then got the court to issue an ex parte order that gave it control of all of No-IP's Internet addresses. No-IP was not given a chance to respond to Microsoft's claim before the order was issued.

Microsoft's efforts did stop some malware activity, but they also knocked out many of No-IP's innocent users.

David Finn, Executive Director and Associate General Counsel of Microsoft's Digital Crimes Unit, said: "Microsoft took steps to disrupt a cyberattack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an internet solutions service."

"Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service," he added.

No-IP was not amused.

In a statement immediately after the take-down, Natalie Goguen, No-IP's Marketing Manager, wrote, "We want to update all our loyal customers about the service outages that many of you are experiencing today.

It is not a technical issue. On Wednesday, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the sub-domains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any sub-domains, even though we have an open line of communication with Microsoft corporate executives."

The users, several million of them by No-IP's count, were also not amused.

Still, according to security company Kaspersky Lab, Microsoft's domain seizures put a crimp into the operations of multiple botnets.

At the same time, as Claudio Guarnieri, an independent security researcher, told the respected security publication Threatpost: "The wild use of domain sink-holing has been a controversial discussion for a long time; the fact that we’re seeing corporations like Microsoft seizing assets belonging to legitimate companies made many peers in our community drop their jaws."

Microsoft started backing off from its heavy-handed efforts to control No-IP's service and domains in early July. On July 3, Microsoft returned the 23 seized domains to No-IP. And now today, July 9th, Microsoft admitted that, "Vitalwerks was not knowingly involved with the sub-domains used to support malware. Those spreading the malware abused Vitalwerks’ services."

Vitalwerks stated: "Microsoft identified malware that had escaped Vitalwerks’ detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks sub-domains used to control the malware."

Microsoft said that "a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced."

The case itself is over.

The moral of the story? While seizing botnet-infected servers and domains has indeed proven to be a good way of stopping them, allowing companies such as Microsoft to act as the police without due process is clearly giving them too much power. Clearly, there needs to be a better way of reviewing legal action against purported botnet providers.

  • Theoretically, it was due process. That being said . . .

    "allowing companies such as Microsoft to act as the police without due process is clearly giving them too much power."

    Theoretically, it was due process. Microsoft did have to go through the court system to do it.

    That being said, it sounds as if this particular court wasn't tech savvy enough to know the implications of shutting down all of those domains.

    We do have some issues with courts and lawmakers not knowing much about the technology they're ruling on, unfortunately.
    • Due process allows the other side to have their say

      There was no due process. No-IP was never notified of the problems. Due process means that if the government is going to take your house away from you they have to at least tell you that and let you appear in court. What Microsoft is allowed to do is the same thing as what the NSA gets to do which is to operate without due process. Do you now understand what due process is?
      Tim Jordan
      • To an extent

        The law doesn't normally require the police notify criminal suspects that they have applied for a warrant to search their houses or offices or to tap their phones; but certainly before property or privileges are forfeited permanently, due process requires that the holder be afforded the privilege of contesting the forfeiture and the means of effectively doing so.
        John L. Ries
  • likely not just a 'tech savvy' issue...

    having read *part* of the linked material, Microsoft was 'correct.' seems like fail all around, including the court not pressing Microsoft on unintended and/or foreseeable consequences.
  • Too much assumed power

    Typical of Microsoft and their legal/political jack-booted teams. There seems to be a pattern of thought that Microsoft itself is the ultimate authority on all matters IP.
  • It would seem that this should leave MS

    Open to a lawsuit for loss of income to those domains taken down in error.
    • Not to mention any income loss to Vitalwerks Internet Solutions

      I wonder why Microsoft did not, first, approach Vitalwerks Internet Solutions to take down domains known to be serving the malware ...
      Rabid Howler Monkey
    • It should

      But indemnification is rather fashionable at the moment, so this is not guaranteed.
      John L. Ries
  • Don't assume

    Don't assume because the case was dropped they are not guilty of profiting from criminal activity. It's just there isn't a good enough case to continue. Microsoft has no motivation except to protect its customers. The people hosting spammers and malware distributors are purely motivated by money.
    Buster Friendly
    • I guess that also explains why MS is still in business...

      MS has been caught many times with its hand in the till...
    • MS has no motivation...

      ...except to protect its own interests and to enforce its legal privileges. The usual expectation (moral or not) is that a vendor's customers are responsible for looking out for their own interests. The job of looking out for the public interest generally falls on Big Bad Government.

      In this specific case, I think the motive is to minimize the damage to its reputation caused by the apparent ease with which Windows systems are hijacked by third parties.
      John L. Ries
  • Unless they are convicted in a court of law...

    ...then they are indeed 'not guilty'.

    Microsoft overstepped and so did the court. I'd be surprised if a lawsuit doesn't result from this.
    • False

      That's false. First, civil proceedings do not have an assumption of innocence. Second, being found not guilty in a court does not mean not guilty in reality.
      Buster Friendly
      • "...does not mean not guilty in reality"

        Courts exist for two reasons:

        1. To arbitrate disputes between individuals, or groups; or between government officials and either.

        2. To punish those found guilty of violating the law.

        Unless one is a witness to a crime, it's hard to know for certain whether or not someone is guilty, and thousands of years of experience suggest that allowing private individuals to punish people they "know" are guilty does much more harm than good. That said, I think the presumption of innocence holds even in civil cases to the extent that it's the duty of the plaintiff to prove that he or someone for whom he is responsible was damaged by the actions of the defendant, and that he is therefore entitled to relief; it's only the duty of the defendant to refute the evidence presented and the legal arguments made, not to prove his innocence.
        John L. Ries
    • Silly statement!

      So every person or business in the world who has had a case "Dropped" (not found innocent) has not done what they have been accused of!
      • Dropping the case doesn't prove innocence...

        ...but it doesn't prove guilt either.
        John L. Ries
  • Confirms The Worst Tho'ts About Microsoft

    For some who love/need to hate MS.
    It sounds rather that MS did use a jackhammer when a sledge would have done the job nicely. Due to insufficient regard of the Law of Unintended Consequences.
    But, Microsoft will learn from this. Lawsuits or not.
    At least they are using their own money and expertise to take down these internationally injurious Botnets.
    Can someone tell me if Google or Apple do this? I truly am not aware that they do.
    As much as I sometimes don't like MS at all, I try to give credit where credit is due.
    • It's worse than that

      Microsoft has the responsibility and capability to stop the botnets through their own software. They are the providers of the very operating systems that are infected. They should overhaul said operating systems to be more secure and prevent the botnets from being able to operate in the first place.

      Instead, they have people convinced that to fix the problem (ie: the holes in their software), they need to be able to seize the property of potential competitors. What a ridiculous assertion.

      Apple doesn't try to police the internet because they have already set up a walled garden that they are clearly in their right to police and that is their App Store. It is one of the reasons that malware is harder to find on iOS. And they take down apps and they patch their products in a relatively timely manner. Why can't Microsoft do the same?

      Instead, they overreach their boundaries and are trying to police a system that they have no right to police. And the fools who think that it is a good idea to give them that power can't see the wolf among the sheep.
      • partially true

        While your comment is partially true, it's the heart of Microsoft's business to do the opposite. Your reference to Apple is partially valid as well. It's also the reason why on many iDevices you must only install software through iTunes (and as a result are subject to even more of Apple's terms). While Microsoft seems to be moving that direction, developers are still provided the option of publishing software through their own channels (rather than having to go through the Windows Store). To enable this, also allows people/things with more nefarious intent to install applications on the OS. Let's not just blame Microsoft though. Android has the same issue. That being said, I've been a Windows user for years. I don't even remember the last time I was affected by malicious software. Just takes a little common sense. 3 dollar penis pills!? I'll go to my doctor thanks.
      • MS has a responsibility... take reasonable steps to minimize the risk that its products will injure its customers, or the public at large. It's the responsibility of computer owners to secure their own systems.
        John L. Ries