DSA Dyn DNS Down - MS to blame?!

  • RaTix
    Emperor

    DSA Dyn DNS Down - MS to blame?!

    ** !!! UPDATE !! **
    DSA.servegame.com = DSAserver.ddns.net


    Recently I noticed that our DSA.Servegame.com domain, a Dynamic DNS from NoIP.com, that I use to host game servers on my personal server here, stopped working. Coming up with "unknown domain" and other errors. Today I found out the culprit.

    No-IP’s Formal Statement on Microsoft Takedown

    *******UPDATE*******

    Is your service down because of this outage? The solution we have available at the moment is for you to create a new hostname on a domain that has not been seized by Microsoft. The following domains are free and working

    ddns.net
    webhop.me
    serveminecraft.net
    ddnsking.com
    onthewifi.com

    To create a new hostname, log in to your No-IP account and click on the Hosts/Redirects tab. Click “Add a Host”. Type in your hostname and also choose one of the working domains.

    We apologize for this outage. At this point it is completely out of our hands, but please understand that we are fighting for you.

    Thank you

    *******

    We want to update all our loyal customers about the service outages that many of you are experiencing today. It is not a technical issue. This morning, Microsoft served a federal court order and seized 22 of our most commonly used domains because they claimed that some of the subdomains have been abused by creators of malware. We were very surprised by this. We have a long history of proactively working with other companies when cases of alleged malicious activity have been reported to us. Unfortunately, Microsoft never contacted us or asked us to block any subdomains, even though we have an open line of communication with Microsoft corporate executives.

    We have been in contact with Microsoft today. They claim that their intent is to only filter out the known bad hostnames in each seized domain, while continuing to allow the good hostnames to resolve. However, this is not happening. Apparently, the Microsoft infrastructure is not able to handle the billions of queries from our customers. Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors.

    Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.

    Vitalwerks and No-IP have a very strict abuse policy. Our abuse team is constantly working to keep the No-IP system domains free of spam and malicious activity. We use sophisticated filters and we scan our network daily for signs of malicious activity. Even with such precautions, our free dynamic DNS service does occasionally fall prey to cyber scammers, spammers, and malware distributors. But this heavy-handed action by Microsoft benefits no one. We will do our best to resolve this problem quickly.

    About No-IP
    For over 14 years, No-IP has been offering the best and most affordable Dynamic and Managed DNS solutions. Our robust Anycast Network with points of presence in 18 different world-class facilities across the globe guarantees our 100% Uptime, because let’s face it, there are no upsides to downtime. No-IP is the preferred choice for users on the Internet for dynamic DNS compared to smaller, less reliable alternatives. Our DNS Experts will ensure that your website is fast, reliable and always available.

    Contact
    Natalie Goguen
    Marketing Manager
    5905 South Virginia Street, Suite 200
    Reno, NV 89502
    press@no-ip.com

    Support requests will not be answered via email. Please open a support ticket if you need assistance.

    ###

    Here is Microsoft's say on it.

    Microsoft takes on global cybercrime epidemic in tenth malware disruption
    30 Jun 2014 1:23 PM

    The following post is from Richard Domingues Boscovich, Assistant General Counsel, Microsoft Digital Crimes Unit.

    Playing offense against cybercriminals is what drives me and everyone here at the Microsoft Digital Crimes Unit. Today, Microsoft has upped the ante against global cybercrime, taking legal action to clean up malware and help ensure customers stay safer online. In a civil case filed on June 19, Microsoft named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.

    We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes—demonstrating that cybercrime is indeed a global epidemic.

    Free Dynamic DNS is an easy target for cybercriminals

    Dynamic Domain Name Service (DNS) is essentially a method of automatically updating a listing in the Internet’s address book, and is a vital part of the Internet. However, if not properly managed, a free Dynamic DNS service like No-IP can hold top-rank among abused domains. Of the 10 global malware disruptions in which we’ve been involved, this action has the potential to be the largest in terms of infection cleanup. Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains. Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers. Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity.

    For a look at how cybercriminals leverage services like No-IP, and advice for customers to help ensure a safer online experience, please see the graphic below.

    Microsoft legal and technical actions

    On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats. The new threat information will be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Computer Emergency Response Teams (CERTs) to help repair the damage caused by Bladabindi-Jenxcus and other types of malware. The Microsoft Digital Crimes Unit worked closely with Microsoft’s Malware Protection Center to identify, reverse engineer and develop a remedy for the threat to clean infected computers. We also worked with A10 Networks, leveraging Microsoft Azure, to configure a sophisticated system to manage the high volume of computer connections generated by botnets such as Bladabindi-Jenxcus.

    As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online. Meanwhile, we will continue to take proactive measures to help protect our customers and hold malicious actors accountable for their actions.

    This is the third malware disruption by Microsoft since the November unveiling of the Microsoft Cybercrime Center—a center of excellence for advancing the global fight against cybercrime. This case and operation are ongoing, and we will continue to provide updates as they become available. To stay up to date on the latest developments on the fight against cybercrime, follow the Microsoft Digital Crimes Unit on Facebook and Twitter. Microsoft provides free tools and information to help customers clean and regain control of their computers at www.microsoft.com/security.

    I understand the struggle against Malware coders and scammers, Hell I work in that field and have for 6+ years. But to do a full on blitzkrieg of this nature, hurting millions of innocent people that honestly purchased the DNS service, is IMO Draconian. How a US court could even allow another company to usurp another company's service is beyond me. I can understand a cease and desist. But full on Corporate takeover sponsored by the US gov?
    I bet $1mil that MS is poising to take over Dynamic DNS services is simply going after what it sees as its competitors in this market. Nothing more. Or a publicity stunt to push out its new Cyber Crime unit. What a horrible TV series that would make.

    So my question is who the hell is going to fulfill the agreement to service my Dynamic DNS that I paid for?!

    In the meantime, while I search for a solution, you may have trouble reaching certain DSA services, like the Minecraft Server, Terraria, and some others. Who would have thought that Minecraft diamonds were actually Malware Worms!!
    Last edited by RaTix; 07-02-2014, 12:49 AM.
    "POWER!!! UNLIMITED POOWWWEEEER!!!!!!

    "Tell me what you regard as your greatest strength, so I will know how best to undermine you; tell me of your greatest fear, so I will know which I must force you to face; tell me what you cherish most, so I will know what to take from you; and tell me what you crave, so that I might deny you."
    ―Darth Plagueis

    "Peace is a lie, there is only passion. Through passion, I gain strength. Through strength, I gain power. Through power, I gain victory. Through victory, my chains are broken. The Force shall free me."
  • #2
    RaTix
    Emperor

    Fuck you ms!!!

    Microsoft admits technical error in IP takeover, but No-IP still down
    Jeremy Kirk, IDG News Service

    Jul 1, 2014 5:30 PM

    Microsoft admitted Tuesday it made a technical error after it commandeered part of an Internet service’s network in order to shut down a botnet, but the Nevada-based company says its services are still down.

    A federal court in Reno granted Microsoft an ex-parte restraining order that allowed it to take control of 22 domains run by No-IP, a DNS (Domain Name Service) provider owned by Vitalwerks, which was served the order on Monday.

    Microsoft alleged the domains were being abused by cybercriminals to manage and distribute malware. It was the tenth time Microsoft has turned to the courts to take sweeping action against botnets, or networks of hacked computers.

    Although No-IP was not accused of wrongdoing, Microsoft maintained the company had not done enough to stop abuse on its networks. Microsoft’s intention by seizing the domains was to block only the computers using No-IP’s services that were being used as part of a botnet.

    But “due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service,” according to an email statement from David Finn, executive director and associate general counsel of Microsoft’s Digital Crimes Unit.

    “We regret any inconvenience these customers experienced,” Finn wrote via email on Tuesday.

    He claimed that No-IP’s services were restored at 6 a.m. Pacific time Tuesday. No-IP spokeswoman Natalie Goguen wrote via email that Microsoft made a technical change on Tuesday to forward legitimate traffic back to No-IP, but “it didn’t do anything.”

    “Although they seem to be trying to take corrective measures, DNS is hard, and they don’t seem to be very good at it,” she wrote.

    When queried, a Microsoft spokeswoman pointed to a tweet by No-IP that said it was under DDoS (distributed denial-of-service) attack. Goguen responded that No-IP’s website was under attack but it did not affect its DNS infrastructure.

    No-IP provides a free service that allows a customer’s domain name to always point back to their computer even if an ISP assigns a different IP address to a computer when it comes online. It does that by offering subdomains for 22 main domain names it owns.

    The IP address of a customer’s subdomain is updated as the computer’s IP address changes. Records in the DNS (Domain Name System) are then updated.

    In its civil suit, Microsoft alleged two foreign nationals, Mohamed Benabdellah of Algeria and Naser Al Mutairi of Kuwait, used No-IP’s service to facilitate the management of malware that steals sensitive data from people’s computers.

    No-IP’s service “provides computers that move from IP address to IP address a stable domain name for malware-infected computers to contact,” according to the lawsuit.

    No-IP maintains that it has worked with companies that reported abuse but “unfortunately, Microsoft never contacted us or asked us to block any subdomains,” according to a blog post on Monday.
    "POWER!!! UNLIMITED POOWWWEEEER!!!!!!

    "Tell me what you regard as your greatest strength, so I will know how best to undermine you; tell me of your greatest fear, so I will know which I must force you to face; tell me what you cherish most, so I will know what to take from you; and tell me what you crave, so that I might deny you."
    ―Darth Plagueis

    "Peace is a lie, there is only passion. Through passion, I gain strength. Through strength, I gain power. Through power, I gain victory. Through victory, my chains are broken. The Force shall free me."

    Comment
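
The Microsoft post and the IDG article quoted above both describe malware using free dynamic DNS hostnames as stable contact points. As an added example (not part of the thread and not either company's tooling), this Python code reviews a resolver log for lookups under the No-IP zones named on this page; the log format, sample lines and threshold are constructed assumptions, and a hit is a lead for review, since legitimate hosts such as this clan's game server use the same zones.

```python
from collections import defaultdict

# Dynamic DNS zones named on this page (No-IP); extend with your own list.
DDNS_ZONES = {"servegame.com", "ddns.net", "webhop.me",
              "serveminecraft.net", "ddnsking.com", "onthewifi.com"}

# Constructed sample resolver log: "<timestamp> <client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
2014-07-01T09:00:01Z 10.0.0.5 dsa.servegame.com. A
2014-07-01T09:00:02Z 10.0.0.5 www.example.org. A
2014-07-01T09:00:07Z 10.0.0.9 DSAserver.ddns.net A
2014-07-01T09:00:09Z 10.0.0.9 host-a.ddns.net. A
2014-07-01T09:00:11Z 10.0.0.9 host-b.webhop.me. A
2014-07-01T09:00:12Z 10.0.0.7 notddns.net. A
2014-07-01T09:00:13Z 10.0.0.7 ddns.net. NS
malformed line
"""

def ddns_zone(qname):
    """Return the dynamic DNS zone a hostname sits under, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare parent suffixes on label boundaries only, so "notddns.net"
    # does not match "ddns.net"; the bare zone itself is not a customer host.
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in DDNS_ZONES:
            return suffix
    return None

def ddns_lookups_by_client(log_text):
    """Map each client IP to the distinct dynamic DNS hostnames it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip lines that do not parse
            continue
        _, client, qname, _ = fields
        if ddns_zone(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {client: sorted(names) for client, names in hits.items()}

def clients_over_threshold(log_text, min_hosts=2):
    """Clients that looked up at least min_hosts distinct dynamic DNS names."""
    found = ddns_lookups_by_client(log_text)
    return sorted(c for c, names in found.items() if len(names) >= min_hosts)
```
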

    • #3
      Cottoinc
      Imperial Advisor
      • Dec 2009
      • 1909
      • DSA Cotto

      Wow this is fucked up. If we need to buy a new DNS name let me know I will chip in.
      "Thrawn: "Do you know the difference between an error and a mistake, Ensign?"
      Colclazure: "No, sir."
      Thrawn: "Anyone can make an error, Ensign. But that error doesn't become a mistake until you refuse to correct it." [points at Pietersen, Rukh kills him] "Dispose of it. The error, Ensign, has now been corrected. You may begin training a replacement."
      ―Grand Admiral Thrawn, punishing a naval officer for failure

      Comment
