BelchSpeak


Microsoft Seizes Then Returns No-IP Domains

No-IP.com is a dynamic DNS and hosting company. Their specialty? Hosting DNS services so malware, toolbars, FakeAV, secondary downloads, botnets, and other badware can exist. Microsoft convinced a Nevada judge to allow them to seize the no-ip.com, .org, and .me domains to wipe out this internet scourge, but less than a week later, these domains have been returned to the former owners. It seems like a bit of a cluster.


From ThreatPost here:

Less than a week after Microsoft seized nearly two dozen domains owned by a small hosting provider as part of a takedown of a malware operation, all of those domains are back in the control of the provider, No-IP.

When Microsoft announced the takedown on June 30, officials said that the company had gotten a temporary restraining order from a judge in Nevada allowing it to take over 23 domains owned by a company called Vitalwerks, which operates No-IP.com and No-IP.org. The hosting provider also runs a free dynamic DNS service, which Microsoft claimed was abused, along with the hosting services, by cybercriminals involved in the operation of the Bladabindi and Jenxcus malware families.

Officials at Vitalwerks denied that the company knowingly allowed attackers to use the company’s infrastructure and services, and said that Microsoft hadn’t even contacted the company before the seizure. They also said that the domain seizure affected many of the company’s other customers, and a couple of days after the initial takedown Microsoft admitted that a “technical error” had led to that problem, but it had been resolved. But as of the end of last week, Vitalwerks officials said that their customers still were experiencing outages.

But now, all of the seized domains have been returned to the control of Vitalwerks, a remarkable shift in circumstances.

Vitalwerks is either inept or a liar. Scores of malware families use No-IP.com addresses to maintain their uptime and availability. Just check out the prodigious list over at VirusTotal. Of course they knew that malware is enabled by their infrastructure and services. The alternative is that they are willingly blind to what malware authors and cyber criminals are doing with their network, which means there is no security monitoring in place.

Either way, the additional claim that they have corporate, non-criminal customers that were affected seems dubious to me. Any business needs to do some due diligence when selecting online services. No-IP has such a poor reputation from hosting criminal malware that no real business would want to be associated with them. The no-ip domains are often blocked by many corporations, so hosting DNS or web services with them would be a big mistake if you hope to attract corporate-sourced internet traffic.
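One check a network defender can run over DNS query logs, as an added example that is not part of the original post: flag lookups for hostnames under the No-IP base domains the post names (no-ip.com, .org, .me), matching on label boundaries so look-alike domains are not hit, and group the hits by client. The log line format and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict

# Base domains named in the post (the seized no-ip.com, .org and .me).
# Deliberately short; extend it from your own blocklist source.
DYNDNS_BASE_DOMAINS = {"no-ip.com", "no-ip.org", "no-ip.me"}

# Constructed sample lines in a simple "timestamp client query type name"
# format; these are not real logs.
SAMPLE_DNS_LOG = """\
2014-07-07T10:01:02Z 10.0.5.21 query A updates.example.com
2014-07-07T10:01:05Z 10.0.5.21 query A office-pc.no-ip.org
2014-07-07T10:01:09Z 10.0.5.44 query A cdn.example.net
2014-07-07T10:02:13Z 10.0.5.21 query A office-pc.no-ip.org
2014-07-07T10:02:40Z 10.0.5.60 query A shop.notno-ip.com
2014-07-07T10:03:01Z 10.0.5.44 query AAAA remote-box.no-ip.me
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qtype>\S+) (?P<name>\S+)$"
)

def matches_dyndns(name, base_domains=DYNDNS_BASE_DOMAINS):
    """Return the matching base domain for a queried name, or None.
    Compares whole labels, so 'shop.notno-ip.com' is not a hit."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in base_domains:
            return candidate
    return None

def find_dyndns_queries(log_text, base_domains=DYNDNS_BASE_DOMAINS):
    """Parse the log and group dynamic-DNS hits by client IP.
    Returns {client: [(name, count), ...]} with the busiest names first."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        if matches_dyndns(m["name"], base_domains):
            counts[m["client"]][m["name"].lower()] += 1
    return {
        client: sorted(names.items(), key=lambda kv: (-kv[1], kv[0]))
        for client, names in counts.items()
    }

if __name__ == "__main__":
    for client, hits in find_dyndns_queries(SAMPLE_DNS_LOG).items():
        for name, n in hits:
            print(f"{client} queried {name} {n}x")
```

A hit is a lead for triage, not proof of infection; a remote-access box on a dynamic DNS name is the same pattern the post describes on the malware side.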

And now that No-IP seems prone to FBI and Microsoft takedowns, malware authors and crimeware businesses will likely find somewhere else to run their malware.
