Domains Seized by Microsoft

In an effort to crack down on cybercrime, Microsoft has taken legal action against a malware network that it believes is responsible for more than 7.4 million infections of Windows PCs across the globe.

A bunch of websites got the equivalent of the "blue screen of death."
Millions of legitimate servers that rely on Dynamic Domain Name Service (DDNS) from, owned by Vitalwerks Internet Solutions, were blacked out on Monday after Microsoft seized their 23 domain names that were being used by malware developed in the Middle East and Africa.

But in No-IP's case, the company wasn't a hacker. The problem, Microsoft argued, was that No-IP's business model lent itself to criminal abuse. Microsoft wasn't the only one that thought this. Earlier this year, Cisco's security team said the same thing about No-IP's business model.
Here's what they said was wrong: Computers prefer numbers, humans prefer words. A website has two internet addresses: one is numbers, called an IP address; the other is words, called a URL. Together they are known as a "domain."

A system called "domain name service" (DNS) matches up the two, so when you type into your browser (easier for humans to remember), you are connected to the IP address of (easier for computers to work with).

Microsoft's problem is that No-IP uses something called Dynamic DNS, a technology that allows lots of websites to share the same numerical IP address. This isn't special to No-IP. DDNS is used in everything from corporate networks to home networks.

But DDNS websites, often called "subdomains," are not tracked the same as regular websites, making them a haven for criminals wanting to hide their activities and whereabouts, according to research done by Cisco and Microsoft. That research showed that free IP addresses, particularly those owned by No-IP, were being used regularly by hackers to distribute malware.

The Dynamic Domain Name Service (DDNS) from works by mapping users' dynamic IP addresses to a customized No-IP sub-domain like or This mechanism allows users to connect to a system with a dynamic IP address using a static No-IP sub-domain.
No doubt it's a useful service, but subdomains of the Nevada-based No-IP Dynamic DNS (DDNS) service have been abused by malware creators to infect millions of computers with malicious software at large scale.
Microsoft's security research team began this operation under an order granted by a federal court in Nevada, targeting traffic involving two malware families that abused No-IP services. The Windows malware families, which go by the names Bladabindi (aka NJrat) and Jenxcus (aka NJw0rm), use No-IP accounts to communicate with their creators in 93 percent of detected infections, and are the most prevalent among the 245 other pieces of malware currently exploiting No-IP domains.
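Because the malware described above reaches its operators through dynamic-DNS hostnames, a defender can look for clients that resolve such names in resolver logs. The following is an added example, not code from Microsoft, No-IP or the original article; the zone names and the four-field log format are constructed placeholders.

```python
import collections

# Assumption: placeholder dynamic-DNS zones, not taken from the article.
# Replace with the provider zones your organisation has chosen to monitor.
DDNS_ZONES = {"ddns-provider.example", "dyn.example.net"}

# Constructed resolver log lines: "<timestamp> <client-ip> <query-name> <type>"
SAMPLE_LOG = """\
2014-07-01T10:00:01Z 10.0.0.5 host1.ddns-provider.example. A
2014-07-01T10:00:02Z 10.0.0.5 www.example.org. A
2014-07-01T10:00:03Z 10.0.0.7 notddns-provider.example. A
2014-07-01T10:00:04Z 10.0.0.9 CAM.Dyn.Example.Net A
2014-07-01T10:00:05Z 10.0.0.5 host1.ddns-provider.example. AAAA
malformed line
"""

def ddns_zone(qname):
    """Return the monitored zone that qname is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels so "notddns-provider.example" does not match,
    # and start at 1 so only subdomains (not the zone apex) are reported.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DDNS_ZONES:
            return candidate
    return None

def ddns_queries_by_client(log_text):
    """Map each client IP to the set of DDNS hostnames it looked up."""
    hits = collections.defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _, client, qname, _ = fields
        if ddns_zone(qname):
            hits[client].add(qname.rstrip(".").lower())
    return dict(hits)

if __name__ == "__main__":
    for client, names in sorted(ddns_queries_by_client(SAMPLE_LOG).items()):
        print(client, sorted(names))
```

A hit only means a host resolved a dynamic-DNS name, which is also normal for home cameras and remote-access setups, so the output is a triage list rather than a verdict.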
In a blog post, Richard Domingues Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit, said Microsoft pursued the seizure for No-IP's role "in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large."
Over the past year, Microsoft's security team has detected more than 7 million infections involving the Bladabindi and Jenxcus malware, which is used to take control of users’ computers, steal passwords, and turn on webcams and microphones.
Microsoft accused Kuwaiti national Naser Al Mutairi and Algerian national Mohamed Benabdellah of writing and distributing the Bladabindi and Jenxcus malware, respectively. Microsoft claims the developers have sold over 500 copies of the malicious software to crooks and cyber criminals, and promoted the No-IP service for use with the malware to help them cover their tracks.
In a civil case filed on June 19, Microsoft named two individuals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, and accused them of violating “federal and state law by distributing malicious software through more than 18,000 sub-domains belonging to No-IP, causing the unlawful intrusion into, infection of, and further illegal conduct involving, the personal computers of innocent persons, thereby causing harm to those persons, Microsoft, and the public at large.”
Microsoft attorneys said No-IP is "functioning as a major hub for 245 different types of malware circulating on the Internet."
The court in Nevada has granted a temporary restraining order against No-IP, and the DNS traffic for the hostnames associated with malicious activity is now being funneled through Microsoft's servers.

Microsoft claimed, "Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity."

In an official statement, Vitalwerks counter-accused Microsoft of affecting millions of innocent users, who are currently experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.
“Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives,” No-IP Marketing Manager Natalie Goguen said.
“Vitalwerks and No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity,” Natalie Goguen said. “Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one.”
There are dozens of No-IP-like free Dynamic Domain Name Services (DDNS) available on the Internet that are actively being used by malware authors and operators to distribute malware. Example:
  • and many more…
Microsoft advised all of them to follow industry security best practices, in order to make it more difficult for cybercriminals to operate anonymously and harder to victimize people online.
Boscovich went on to say, "As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cyber crime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online."
No-IP has not created the malware, but the service has not taken strict steps to keep its domains safe from malicious activity. Microsoft said the case and operation are ongoing.