This is some classic Reno bullshit, right here.
A Nevada federal court gave Microsoft the authority last Thursday to temporarily seize control of 23 domains owned by Reno-based Vitalwerks Internet Solutions, LLC — part of the tech giant's expanding crackdown on malicious software.
Under the DBA name No-IP.com, Vitalwerks provides and hosts free dynamic DNS services that have become a popular hub between hackers and their botnet legions. Microsoft's Digital Crimes Unit estimates that somewhere around 7.4 million infected Windows devices were liberated in their (daring?) raid Monday. As Richard Domingues Boscovich, the Assistant General Counsel for Microsoft: DCU put it:
We're taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we've predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims' computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic.
So, first off: Ha, ha! Notorious malware crime families!
Secondly, curious parties can read the full text of Microsoft's suit against Vitalwerks, Mohamed Benabdellah (the Algerian national), and Naser Al Mutairi (the Kuwaiti one) here.
Lastly, quite a few innocent users of No-IP's services, security professionals in particular, found themselves caught in Microsoft's dragnet and took to a few of their favorite outlets (Slashdot, Reddit, Ars, Etc.) to voice their aggrievement.
"They have always been very responsive to security researchers and law enforcement," Dmitri Alperovitch, co-founder of security firm CrowdStrike, said of No-IP in an interview with cyber security reporter Brian Krebs yesterday. Unlike some previous targets of Microsoft's litigation, Alperovitch did not view the firm as one of those "bullet-proof" hosting providers who make severe bank by actively shielding their ethically challenged customers from the law.
No-IP's marketing manager Natalie Goguen also made the rounds, telling reporters that the firm had only located 2,000 active malicious hostnames out of the roughly 18,000 j'accused by Microsoft. In the meantime, the company has been left with a customer support clusterfuck: upwards of four million hostnames offline as of late last night.
"Millions of innocent users are experiencing outages to their services because of Microsoft's attempt to remediate hostnames associated with a few bad actors," Goguen reported in a formal statement yesterday.
So, the clear widely reported view on this story in the tech world is that Microsoft is stomping around like Elliot Ness and the Untouchables chopping up precious, innocent barrels of hooch. As one Slashdot user groused:
Microsoft has pushed upon the world (literally, the world) software that has a history of security issues.
Now it appears that Microsoft is using their reputation for producing security-challenged software to badger companies for PR purposes. The headlines will all read, ~Microsoft takes down a company that is a security threat~. And Microsoft will look good in the headline.
But what has Microsoft really accomplished? Will Microsoft's reputation for software with abysmal security be changed? Or will a small company be crushed because a huge company is trying to look good?
BUT STILL: Another way of looking at this might be to duck into a wretched hive of script kiddie scum and villany like hackforums.net and search "noip" — where you will see 24 pages of results; lengthy tutorial threads on running "Remote Access Tool" malware like NJrat; embedded YouTube videos of unsuspected civilians getting their web camera's p0wned and repeated recommendations to run your RATs through No-IP to ensure your anonymity from your victims:
According to Reuters, Microsoft's team determined that about 94 percent of all machines infected with the Bladabindi and Jenxcus viruses were commanded by their botnet masters via Vitalwerks' servers.
Those connections may not have all still been there on Monday, but maybe (?) Microsoft wasn't that wrong barging in like a SWAT team.
[GIF via an NJrat forum thread at the Arabic-language development site Dev-PoinT]