On June 30, the federal court issued an order making Microsoft the Domain Name System authority for 23 No-IP domains. That order let the company reroute all traffic bound for those domains to a Microsoft server instead. Requests for the IP address of any No-IP domain linked with malware activity would be directed to a Microsoft "sinkhole" system to record the date and time of the request as well as the IP address of the requesting computer.
In a blog post, Microsoft assistant general counsel Richard Boscivich, said the No-IP takedown has the potential of becoming one of its largest ever in terms of infection cleanup. "We're taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi and Jenxcus family of malware," he said.
Some security experts, however, questioned the company's tactics.
Johannes Ullrich, dean of research for the SANS Technology Institute, said Microsoft should have more strongly considered the potential for collateral damage. "This is similar to demolishing an entire block just because some houses are used to deal drugs," Ullrich said.
"While Microsoft has a legitimate claim against No-IP to protect its own interests, it should consider that its actions may cause harm to other legitimate businesses," he said.
As a larger problem, what is needed is a clear understanding of how fast and under what conditions "abuse" requests need to be handled by Internet service providers like No-IP, he said. "It is not clear if Microsoft worked with No-IP or not," he noted.
Even if No-IP was unresponsive, Microsoft should have given the company more warning, and then ensured that impact to legitimate services was minimized by transitioning gradually or by being more selective in its interception, he said.
"What gave Microsoft the right to decide that No-IPs abuse management processes were not operating as expected and indeed against what norms was Microsoft measuring No-IPs capabilities against?" he asked.
Microsoft may also have infringed on the privacy rights of legitimate No-IP customers by having their Internet traffic routed through its servers, he said.
Sign up for MIS Asia eNewsletters.