Tuesday, July 1, 2014 - 19:22

Microsoft hijacks NoIP through temporary restraining order against Vitalwerks

If you wonder why your NoIP dynamic DNS isn't working anymore... Microsoft basically captured the service in what you could call a cloak-and-dagger operation via a TRO against Vitalwerks LLC, the company behind NoIP.

Most NoIP TLDs, including .BIZ, .INFO, and .ORG, are now handled by Microsoft's nameservers, effectively rendering the service rather useless for quite a number of users.

The reason for the TRO is distribution of malware. Microsoft has filed documents with the Nevada district court that identify ~2000 subdomains hosted on various NoIP domains that allegedly distribute malware. The judge authorized Microsoft to take reasonable action in cooperation with the involved registrars to redirect the DNS entries of said listed hosts away from NoIP to Microsoft.

Why on earth Microsoft hasn't contacted Vitalwerks is completely beyond me. They have a rather clear abuse policy and are not exactly known for ignoring it. It would have spared a truckload of users a lot of pain. And Microsoft a lot of flak.

Microsoft justifies its actions with a rather disturbing, self-righteous blog post over here. As far as I know Microsoft is not the internet police. That would be a pretty damn good joke anyway. And while they are boasting about this rather shady action, I wonder if the same would be true if the target were Microsoft themselves?

If there are 2,000 problematic users over at Microsoft's various free services - which I'm pretty sure could be found there - the entire network can be taken down on a domain basis without giving Microsoft a chance to react?

I'm pretty sure Microsoft would not entirely agree with this. And rightfully so. Why would someone disrupt an entire service just because a couple of well-known elements cause trouble?

It only makes sense if the service provider does not react. Which, in the case of Vitalwerks, is not the case. Or rather it's unknown because no one bothered to contact them.

I don't think that would happen if the target were Microsoft, Yahoo or Google... ever. But apparently it's perfectly fine with everyone else. It is preposterous to assume that Vitalwerks is in any way actively involved in this. And how exactly are you negligent if 2000 out of millions of hosts are affected?

Vitalwerks has been in the business for 15 years, and they have been an ICANN-accredited registrar for more than half of that time. And how many domains under any of the other registrars' control are actively distributing malware? Would we circumvent those as well without prior notice?

This action against Vitalwerks is a ruthless application of the law of the jungle.