In an email to CRN, a Microsoft spokesperson said a "technical error" caused some legitimate No-IP.com customers to experience "a temporary loss of service," but all service was restored to those customers as of 6 a.m. Pacific Time.
But Silicon East's Harrison said this isn't accurate, at least from his perspective. After doing tests on his own domains, he discovered that traffic was looping back to Microsoft instead of reaching his Lakewood, N.J., location, where it normally goes.
Meanwhile, on Twitter, the court of public opinion appears to be strongly against Microsoft in this case.
Microsoft just hijacked a DNS provider. Not for doing anything wrong, but for failing to prevent abuse. Questionable. http://t.co/EkdNizkWrU
— Jonathan Mayer (@jonathanmayer) June 30, 2014
Maybe Microsoft should withdraw Internet Explorer, it is after all a popular infection vector. http://t.co/FKB8atxEt9
— Andreas Lindh (@addelindh) June 30, 2014
Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy, told CRN he considers Microsoft's seizure of No-IP.com's domains to be "heavy-handed," but said such services are regularly abused by malware authors.
"These big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move," Plato said of Microsoft's malware-fighting tactics. "With DNS names black-holed, the botnet essentially becomes useless. It cannot communicate back to its command infrastructure."
It is unclear how much of a long-term benefit Microsoft's latest antimalware actions will have, according to Plato. "Malware creators are developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems," he said.
PUBLISHED JULY 2, 2014