Microsoft has been forced into a climb-down by returning 23 domains that were seized for allegedly being behind malware infecting Windows computers across the globe.
No-IP’s domains, which were seized on June 30 after a court order allowed Microsoft to do so, were implicated in an investigation into various domains being used by cybercriminals to operate the Bladabindi and Jenxcus malware families.
“We are so sorry for the inconvenience that this takedown has caused our customers,” No-IP explained in a blog post. “Thank you so much for the support and for sticking with us through the entire process this week.”
The domain company added that it may take up to 24 hours for the DNS to “fully propagate” and that everything will be fully functioning within the next day or so. One domain, noip.me, took longer to get online and that will also be fully restored within the next day or so.
Microsoft obtained a court order last month as part of a civil case it filed against Mohamed Benabdellah and Naser Al Mutairi as well as Vitalwerks Internet Solutions, which does business under the No-IP name. The case hinged on testimony from Microsoft that stated No-IP’s infrastructure had been used to hasten the spread of the Jenxcus and Bladabindi malicious programs in 93 per cent of cases it had detected.
A federal court in Nevada sided with Microsoft and gave the firm ownership of the domains after Microsoft convinced the court that No-IP hadn't done enough to prevent them from being used for illicit purposes.
No-IP claimed that Microsoft went about it in a “heavy-handed” fashion and made no effort to contact the company about the domains in question. Security analysts have also criticised the way Microsoft went about swallowing up the domains involved.
“The wild use of domain sinkholing has been a controversial discussion for a long time, the fact that we’re seeing corporations like Microsoft seizing assets belonging to legitimate companies made many peers in our community drop their jaws,” Claudio Guarnieri, an independent security researcher, told Threatpost.
For its part, Microsoft said that it worked together with No-IP to return the domains and is reviewing the malicious subdomains to identify the victims of the malware.