Microsoft admitted Tuesday it made a technical error after it commandeered part of an Internet service’s network in order to shut down a botnet, but the Nevada-based company says its services are still down. A federal court in Reno granted Microsoft an ex-parte restraining order that allowed it to take control of 22 domains run by No-IP, a DNS provider owned by Vitalwerks, which was served the order on Monday. Microsoft alleged the domains were being abused by cybercriminals to manage and distribute malware. It was the tenth time Microsoft has turned to the courts to take sweeping action against botnets, or networks of hacked computers. Although No-IP was not accused of wrongdoing, Microsoft maintained the company had not done enough to stop abuse on its networks. Microsoft’s intention by seizing the domains was to block only the computers using No-IP’s services that were being used as part of a botnet.
Earlier today, we wrote about a ridiculous situation in which Microsoft was able to convince a judge to let it seize a bunch of popular domains from No-IP.com, the popular dynamic DNS provider, routing all their traffic through Microsoft servers, which were unable to handle the load, taking down a whole bunch of websites. Microsoft claimed that this was all part of a process of going after a few malware providers, though No-IP points out that Microsoft could have easily contacted them and the company’s fraud and abuse team would have cut off those malware providers. A little while ago, Microsoft PR emailed over the following, somewhat questionable claim from David Finn, the company’s Executive Director and Associate General Counsel, Digital Crimes Unit, in which he claims that all of that collateral damage was merely a “technical error” and it’s all good now: “Yesterday morning, Microsoft took steps to disrupt a cyber-attack that surreptitiously installed malware on millions of devices without their owners’ knowledge through the abuse of No-IP, an Internet solutions service. Due to a technical error, however, some customers whose devices were not infected by the malware experienced a temporary loss of service. As of 6 a.m. Pacific time today, all service was restored. We regret any inconvenience these customers experienced.”
