Yesterday, Microsoft made some to do over taking down a serious malware threat proliferated by No-IP through inaction. Microsoft enlisted legal action to abscond 22 of No-IP's commonly used domains. The court granted Microsoft authority over the domains. Some have argued that the quick turnaround from legal motion to ruling was shockingly quick.
However, after the ruling and Microsoft's subsequent work to eliminate the threats, No-IP has released a formal statement on the situation—and they're not happy. That's to be expected, however.
Despite a year long list of complaints from the security community, No-IP states that the company was not approached by Microsoft about the situation. The specific malware was Middle-Eastern based and, frankly, it amazes me that a company with proper intentions and adept control over its assets wouldn't have been able to identify breaches in its infrastructure used to proliferate criminal acts.
No-IP goes on to state the company's strict policy on abuse and that it maintains sophisticated filters to keep its domains free of spam and malicious activity. The network is scanned daily to identify signs of mischievous actions. However, despite the "sophistication" of its tools and the supposed daily scans, the specific types of malware were able to spread and affect over 7 million users in just the last 12 months.
No-IP suggests that Microsoft's "draconian actions" have affected millions of innocent Internet users (i.e., No-IP's customers). I wonder how that compares to the millions of users infected by malware that was allowed to spread over the last year.
No-IP's statement seems more a plea for saving face because its actions (or inactions) over the last year simply don't add up.
No-IP ends its statement by promising to do its best to resolve the problem. The story is continuing and it'll be interesting to see what comes of it. If anything, maybe this a wake-up call for No-IP to actually take action on something that has been evident in the security community for a long time.
Full statement here: No-IP's Formal Statement on Microsoft Takedown