Microsoft brought the hammer down on No-IP and seized 22 of their domains. They also filed a civil case against “Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, LLC (doing business as No-IP.com), for their roles in creating, controlling, and assisting in infecting millions of computers with malicious software—harming Microsoft, its customers and the public at large.”

Microsoft Digital Crimes Unit reported, “On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats.” All of the legal documents are posted here.

Richard Domingues Boscovich, assistant general counsel for Microsoft Digital Crimes Unit, wrote:

Dynamic Domain Name Service (DNS) is essentially a method of automatically updating a listing in the Internet’s address book, and is a vital part of the Internet. However, if not properly managed, a free Dynamic DNS service like No-IP can hold top-rank among abused domains. Of the 10 global malware disruptions in which we’ve been involved, this action has the potential to be the largest in terms of infection cleanup. Our research revealed that out of all Dynamic DNS providers, No-IP domains are used 93 percent of the time for Bladabindi-Jenxcus infections, which are the most prevalent among the 245 different types of malware currently exploiting No-IP domains.
Microsoft has seen more than 7.4 million Bladabindi-Jenxcus detections over the past 12 months, which doesn’t account for detections by other anti-virus providers.

Microsoft Malware Protection Center explained:

These families can install backdoor trojans on your computer, which allow criminals to steal your information, such as your passwords, and use your computer to collect other sensitive information. For example, Bladabindi can take snapshots and record videos without your permission. It can also control your system remotely.

These backdoor trojans can also upload new components or malware to your computer to add more malicious functionality. They often communicate with hosts that are typically a Dynamic DNS service such as NO-IP because this makes them more difficult to trace.

“We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware.” Microsoft pointed back at a Cisco post from February that shows No-IP among the top DDNS base domain offenders, adding, “Despite numerous reports by the security community on No-IP domain abuse, the company has not taken sufficient steps to correct, remedy, prevent or control the abuse or help keep its domains safe from malicious activity.”

According to No-IP, the takedown came as a total surprise. “Had Microsoft contacted us, we could and would have taken immediate action. Microsoft now claims that it just wants to get us to clean up our act, but its draconian actions have affected millions of innocent Internet users.” The solution, if your site went down, “is for you to create a new hostname on a domain that has not been seized by Microsoft.”

Microsoft isn’t buying into No-IP’s “total surprise” claim.
In fact, Microsoft’s Digital Crimes Unit added, “As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure. If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online.”

Some folks in the security community are furious, saying Microsoft went too far and darkened too many legitimate sites that had nothing to do with distributing malware (check out the comment section on Krebs on Security). CSO’s Steve Ragan pointed out, “Four million domains have been shutdown, despite the fact that Microsoft only wants 18,472 of them.” Microsoft called that “temporary loss of service” to legitimate sites a “technical error” that has since been corrected.

Not all collateral damage was bad. For example, Kaspersky noted the shutdown “affected in some form at least 25% of the APT groups” as well as darkening some of the Hacking Team’s “lawful intercept” malware deployed by governments and law enforcement to take complete remote control of PCs and smartphones. Whether that also was a “technical error” now fixed is unknown. It’s probably too much to hope that Microsoft would take a stance like Kaspersky did to protect consumers and block the “legal” spyware.