Link Logger
MVM
join:2001-03-29
Calgary, AB

1 recommendation

Link Logger to TheMayor

MVM

to TheMayor

Re: Microsoft serves court order on NoIp.com & seized 22 commonly used domains

Does no ip have a guaranteed service level and if not then what are their users bitching about? No IP was saying they couldn't deal with the malware because they don't have enough staff, Microsoft is just helping them out.

Blake
dickie757
join:2013-04-30
Portsmouth, VA

1 recommendation

dickie757

Member

They carpet bombed us, that is not helping.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to Link Logger

Member

to Link Logger
LOL

MS just scored a huge botnet kill, good on 'em I say. I hope they nuke some more of these suckers. Know how many log entries I had for dyn DNS servers on my old Linksys routers back in the day as shown by your little program? Let's just say it was filled with attacks and that was oh man 5 to 6 years ago!

I ended up setting up a Smoothwall firewall and blacklisted all the dyn DNS hosted domains I could find just to not see them on the logs as much. If I recall, all of the attacks came from free dyn DNS, none from paid services.

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie

Member

The organizations that I work for are alerted by their upstream providers whenever malicious network traffic is identified (unless it's found in-house of course). Depending upon what this traffic consists of, these organizations have 24 - 48 hours after notification to stop the offending traffic or have their connections severed until the issue(s) are fixed. I fully support these policies & would like to see something similar across the entirety of the Interwibbly. On that note, however, I also understand that this kind of solution could be highly problematic for many entities.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Well if they cannot keep their houses clean so to speak then that is their problem. Think about this in relation to a major roach infestation in a neighbor's house. This will affect you and the entire neighborhood. The government can and does step in to put a stop to it. They will condemn your home because you're not responsible enough to take care of it.

In this case Microsoft saw that No-IP and likely others who have not been served the papers yet were not able to take care of their service (house) so they (MS) contacted the courts and notified them about it. The courts found probable cause to serve the paper. This is no different than you, me or anyone seeing roaches crawling out of our neighbor's house en masse and reporting them to the city and the city saying clean it up or we will.

It sucks that some legit users got hit too but well they need to get mad at No-IP for not keeping a clean service.

mackey
Premium Member
join:2007-08-20

3 edits

mackey

Premium Member

said by Nanaki:

This is no different than you, me or anyone seeing roaches crawling out of our neighbor's house en masse and reporting them to the city and the city saying clean it up or we will.

Wrong. This is no different than seeing roaches crawling out of our neighbor's house en masse and, without first asking your neighbor to work on the problem, getting permission from the city (again without informing your neighbor of the hearing) to kick in your neighbor's front door yourself so you can rifle through all their stuff looking for roaches to kill.

MS is not law enforcement and they do not own the infected machines. They never asked No-IP to take down the malware-serving domains. They did not inform them of the court date and did not give them a chance to defend themselves.

They had no right to steal No-IP's domain names.

/M
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

The court said they in fact did. MS filed the case with the courts, the courts said nail them. The legal system gave them the right to do so.
MS shut down a botnet by force; again I say good job MS.

I just do not get it honestly. This forum is about security. MS just smashed a botnet. It will take months minimum for these twerps to even begin to rebuild that botnet if they ever can. Fact is No-IP is getting enough money to be worth running their service that they offer free. Yeah, you can get a paid account but 10 to 1, hell 100 to 1 odds, only 1% or less of their users have paid accounts of any sort. So they get money from something. And correct me if I'm wrong but isn't this about the subdomains they give out free? As with the paid service, again correct me if I'm wrong, you get a full domain? MS took out some, not all, of the free domains that btw are on tons of blacklists for spam and various other bad purposes.

So what really happened is a bunch of free subdomains got taken offline that a couple million mostly long inactive accounts were hosted on. Leaving what probably amounts to a few 100 free users without service. Now No-IP is screaming millions of users but they really mean millions of accounts. In reality they are probably claiming that each subdomain in use is a separate account holder. Which only further lowers the total number of people who could have been affected had all 4+ million accounts still had someone at the helm.

Truthfully there may have been 400 to 600 actual people other than the botnet masters affected. Of those few 100, half are probably spammers, phishers and scammers themselves who are small time.

What we know, the facts of the case if you want, is this:

There were 2 major varieties of malware, ones that had millions of infections caught just by MS's own built-in antispyware app. As well as 245 other malware applications being hosted on dyn DNS accounts from No-IP on those subdomains that MS took down.

Let's go with conservative numbers for those other 245 malware apps. 100k infections each should be conservative enough figuring that some have infection totals likely reaching into the 500k to 600k range. So 100kx245=24,500,000(24.5million)+7.4million=32,000,000 32 million infections all from hosts using No-IP's DNS service. Sorry but I cannot get myself to feel any sympathy for No-IP whatsoever.

These guys either had to know this was happening all along and chose to do nothing or are the most idiotic bunch of so-called admins and software programmers ever to walk the planet. Nobody could not see this happening. Someone would get curious about a spam email and look at the headers or a series of attacks in the logs and check who the IPs resolved to. End users not on No-IP have had to have reported bad behavior from No-IP DNS served hosts etc. No-IP had to be aware this was happening and chose to do nothing.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to mackey

Premium Member

to mackey
said by mackey:

MS is not law enforcement...

Even though it involved criminals & criminal matters the action was civil.
You do bring up the question of why LE didn't handle the matter as part of a criminal investigation though.

Three possibilities come to mind.
1. Microsoft didn't want to share the headlines with LE

2. LE chose to not get involved

3. Some aspect was an end run around existing laws which prohibited LE involvement (at this stage).
dave
Premium Member
join:2000-05-04
not in ohio

1 recommendation

dave

Premium Member

As far as I know, there is a court-administered procedure for domain confiscation. The legal system has mechanisms for confiscating 'property' (i.e., domain names in this case) used in the furtherance of criminal activity. So my (sketchy) understanding is that the names could have just gone away, poof, leaving everyone high and dry.

As for why Microsoft 'took them over', I imagine it was supposed to minimize the damage to innocent parties. That they screwed it up would appear to be independent of the actual legal confiscation.

If there's anyone better at playing a lawyer on the internets (and how could there not be?), I'd appreciate if they'd post more detail.

mackey
Premium Member
join:2007-08-20

mackey to Nanaki

Premium Member

to Nanaki
said by Nanaki:

MS filed the case with the courts the courts said nail them.

I guess in that case you wouldn't mind getting thrown in jail when the police come to you and say we had your trial that we never informed you about yesterday and you were found guilty so come with us please. It was a 1-sided case because No-IP was never informed this action was even taking place and thus given no chance to defend themselves. If No-IP was so involved in facilitating malware then why was no lawsuit filed against them directly?

BTW, free domains must be updated every 30 days or they get deleted so no, there were not "a couple million mostly long inactive accounts." The rest of your post reminds me of the explanation as to why horses have an infinite number of legs.

/M

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

1 edit

GuruGuy to mackey

Premium Member

to mackey
said by mackey:

said by Nanaki:

This is no different than you, me or anyone seeing roaches crawling out of our neighbor's house en masse and reporting them to the city and the city saying clean it up or we will.

Wrong. This is no different than seeing roaches crawling out of our neighbor's house en masse and, without first asking your neighbor to work on the problem, getting permission from the city (again without informing your neighbor of the hearing) to kick in your neighbor's front door yourself so you can rifle through all their stuff looking for roaches to kill.

MS is not law enforcement and they do not own the infected machines. They never asked No-IP to take down the malware-serving domains. They did not inform them of the court date and did not give them a chance to defend themselves.

They had no right to steal No-IP's domain names.

/M

Chubbzie posted this early on in the thread:
»www.noticeoflawsuit.com/

The lawsuit is dated June 19th. MS didn't have to inform them, that's the court's job. Papers would have been served on No IP for the suit. Apparently No IP didn't file a motion within 21 days with the court responding to the suit and lost by default negating the need for trial (no court).

HostsGuy
@2.126.245.x

HostsGuy to mackey

Anon

to mackey
Erm these guys have been approached many times with abuse reports and have done zero about them over the years.

They have no grounds to complain and the only dumb thing about this all was they believed their gravy train would go on for many years without someone being able to pull the plug on it.

Of course they are pissed and so are most of their customers but no sympathy over here for the devil.

Big props to M$ for the outcome of their legal action.

The fight goes on...

mackey
Premium Member
join:2007-08-20

mackey to GuruGuy

Premium Member

to GuruGuy
said by GuruGuy:

The lawsuit is dated June 19th

Got a link to that? I see MS's lawyer wrote the complaint on the 19th but it's listed as "filed under seal" and does not list a filing date. The Notice posted to »www.noticeoflawsuit.com/ is dated 6/30 and the 21 days presumably start from then. Either way the 21 days has not elapsed yet and they took the domains anyway.

/M
mackey

mackey to HostsGuy

Premium Member

to HostsGuy
said by HostsGuy :

Erm these guys have been approached many times with abuse reports and have done zero about them over the years.

Of the 18k domains listed in MS's complaint 16k were already down when MS stole their domain names. According to »garwarner.blogspot.nl/20 ··· -ip.html when a Cisco blog posted the number of No-IP domains that their software was blocking, a member of the No-IP security team asked for a full list of domains so they could kill them all. That doesn't sound like "doing zero" to me.

/M

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy to mackey

Premium Member

to mackey
said by mackey:

said by GuruGuy:

The lawsuit is dated June 19th

Got a link to that? I see MS's lawyer wrote the complaint on the 19th but it's listed as "filed under seal" and does not list a filing date. The Notice posted to »www.noticeoflawsuit.com/ is dated 6/30 and the 21 days presumably start from then. Either way the 21 days has not elapsed yet and they took the domains anyway.

/M

It's all in the link I supplied. Scroll down and read the .pdf's and yes, 21 days did elapse.

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

said by GuruGuy:

said by mackey:

said by GuruGuy:

The lawsuit is dated June 19th

Got a link to that? I see MS's lawyer wrote the complaint on the 19th but it's listed as "filed under seal" and does not list a filing date. The Notice posted to »www.noticeoflawsuit.com/ is dated 6/30 and the 21 days presumably start from then. Either way the 21 days has not elapsed yet and they took the domains anyway.

It's all in the link I supplied. Scroll down and read the .pdf's

I did read the PDFs and they do not list this missed court date you speak of. The Notice which is dated June 30th says they have 21 days making it July 21st, but it's not yet July 21st now is it?

/M

GuruGuy
Premium Member
join:2002-12-16
Atlanta, GA

GuruGuy

Premium Member

said by mackey:

I did read the PDFs and they do not list this missed court date you speak of. The Notice which is dated June 30th says they have 21 days making it July 21st, but it's not yet July 21st now is it?

/M

I can't help you if you can't understand what the documents are telling you.

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

said by GuruGuy:

said by mackey:

I did read the PDFs and they do not list this missed court date you speak of. The Notice which is dated June 30th says they have 21 days making it July 21st, but it's not yet July 21st now is it?

I can't help you if you can't understand what the documents are telling you.

I do understand what they're telling me, you just have no clue what you're talking about. No-IP was not given any chance to object to the emergency TRO before it was executed; they learned about this lawsuit when their domains were stolen out from under them.

/M
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to GuruGuy

Member

to GuruGuy
I think mackey's issue is with the wording under seal. That does not mean that No-IP was not informed. Just that the action was filed under seal. Once the courts found cause No-IP was served with notice (as you state given 21 days to file a motion) and they had 21 days to inform their customers this was about to happen and to plan accordingly. They did NOT do that. Hence no sympathy coming from me. Again I stick by my guns here, No-IP got exactly what they deserve. These guys are on tons of blacklists, many of their precious domains are blocked 100% of the time by many companies. This should tell us all something about these snots.
Nanaki

Nanaki (banned) to mackey

Member

to mackey
After they got served papers they want to do it. They have had 1000s of complaints. I understand it is fashionable to hate Microsoft. But in this case they did all of us a huge favor. I do virus etc clean ups for a living and I'm still happy these domains got nuked.

mackey
Premium Member
join:2007-08-20

mackey to Nanaki

Premium Member

to Nanaki
said by Nanaki:

they had 21 days to inform their customers this was about to happen and to plan accordingly

No they did not. The very first document that was filed is dated 6/19. As of today it's still only 14 days. Nothing in any of those documents says No-IP was ever informed of the impending action before it actually happened. In fact the Order Granting Ex Parte Application for a (emergency) TRO is explicit in that No-IP was not to be notified until AFTER the domains were taken. The Summons says MS had to serve No-IP by 7/1 and the documents were to be sealed until they were served.

Again NONE of those documents in any way even hint that No-IP had any warning this was about to happen.

/M
mackey

mackey to Nanaki

Premium Member

to Nanaki
said by Nanaki:

But in this case they did all of us a huge favor.

They stole a legitimate company's domain names with zero warning and used an anti-Cybersquatting law as justification to do so. That's just wrong.

I'm not opposed to taking down spam/malware hosts. It's the way in which they did it that I'm against. This is as bad as saying breaking a site's TOS is a criminal, federal offence (violation of the CFAA).

/M
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to mackey

Member

to mackey
Have you done any research into No-IP? Google No-IP and blacklist. I have not even done so at this moment and I know just from prior experience with this sort of thing what will be found. No-IP's stuff on dozens of blacklists. Free hosts of any sort always without exception attract the worst elements on the net. The fact is free hosts know exactly what is going on and choose to do nothing till they are forced to. It hurts their bottom line. Google them and see for yourself. The total number of innocent users affected by this are a small percent of the users complaining on No-IP's comment and some of those you can be assured are company shills padding numbers. Sorry but again no sympathy from me.

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

So the ends justify the means? It's ok to abuse laws and lie to the courts as long as it's for a good cause?

Who cares about due process, we need to end malware now!!!

/M
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

They had fair warning period. As was already stated you did not read what was in those PDFs. I have read enough to see they were given fair warning. And by their own statement in their own blog from 2 years ago they knew this was happening yet found no way to stop it nor did they do anything about those using it for this. It is so bad that even Facebook blocks it and I mean seriously come on, Facebook, the mega spammers themselves, block No-IP LOL go figure that one out.

Again even if they had no warning that these papers were filed at all they still had plenty of warnings from ISPs and private individuals that this was happening on their networks and did nothing to put a stop to it. It is not hard to remove an offending account. Sure nailing lots of them is a daily task. But that is their responsibility.

Let me tell you something right now. If I found an exploit that would let me take down a free host that was responsible for millions of infections of any malware I would take the entire thing down and do so in a way that they would never recover. There are those on this site who know just how vicious a bastard I can really be when it comes to scammers, spammers and malware writing scum. No-IP is no better, they let the malware writing propagating scum run free on their network. They got exactly what they deserved, hell they got less than they deserved. The courts should have straight shut them down and forced them to delete all accounts for all domains and users, a full reset if you will. We are not talking one or 2 spammers spamming out a few 1000 emails, we're talking 2 major infectors responsible for 7.4 million infections along with 245 other malware apps responsible for who knows how many infections but those while each only responsible for a 100k or so each total far more than the 7.4 mil from the RAT programs. We are talking many tens of millions of infections all with hosts using No-IP's dyn DNS service.

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

said by Nanaki:

They had fair warning period. As was already stated you did not read what was in those PDFs.

No they did not. NONE of those PDFs say that. If you're so sure then which PDF and on which page?

Now you're back to the ends justify the means. Knowing their service is abused they staff an abuse department and delete accounts when it's reported. Knowing abuse happens does NOT mean "they knew this was coming." MS filed a fraudulent request for a restraining order. Hosting malware has nothing to do with cybersquatting or trademark infringement.
said by Nanaki:

Let me tell you something right now. If I found an exploit that would let me take down a free host that was responsible for millions of infections of any malware I would take the entire thing down and do so in a way that they would never recover.

So you're a vigilante who would destroy a legit company and the lives of the people who work there if a few people abuse their service. That's good to know.

/M
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

If the idiot admins do nothing to stop it hell yes. They did nothing to stop this. They knew this was going on with their company's servers and did nothing to mitigate and or stop it.
Read the link I posted from their blog July 2012. They have known that they were on blacklists because of scammers and spammers for over 2 years, they know what is going on and what has been going on for at least 2 years. Obviously they have known for way longer than that what has been happening. Ask yourself why did they allow it to continue? 10 to 1, hell 1000 to 1 odds that something as inexpensive as our own Link Logger's Link Logger program would have alerted No-IP to what was going on. Traffic analysis is pretty basic stuff and dead easy to roll out. It had to have been in place and had to show the traffic related to these trojan worms. No-IP had to know what was going on so why the hell did they do nothing? They had the obvious traffic from the worms going to the IPs, those IPs are beyond just easy to track back to their account holder, they could have automated it, scratch that, I could have automated it and killed the accounts automatically with no admin action needed. I know next to nothing about PHP programming etc but a few posts on PHP help forums and reading up on it and I could probably hack something out in a few days dedicating a couple hours a day to it. Again why did they not do these things?

Answer is obvious: they wanted this all to go on within their network, they may have been getting kickbacks from these clods who were in control of these botnets.

Some way or another it was to No-IP's benefit to let these guys run their crap on their network.

Almost forgot to add it remains to be seen just how truly legit No-IP really is. All the above needs confirmed or shown to be false in some way shape or form. Even if legitimate they have some serious issues that they need to fix. If legit then why were they so stupid as to not see this all happening? If they are that plain out stupid then they should not be allowed to remain operating and should be fully shut down for all their users' sakes and ours.

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

4 edits

DigitalXeron

Member

said by Nanaki:

- snip -
Traffic analysis is pretty basic stuff and dead easy to roll out. It had to have been in place and had to show the traffic related to these trojan worms. No-IP had to know what was going on so why the hell did they do nothing? They had the obvious traffic from the worms going to the IPs, those IPs are beyond just easy to track back to their account holder, they could have automated it, scratch that, I could have automated it and killed the accounts automatically with no admin action needed.
- snip -

Thing is, DNS server logs only contain details of what client is querying what name at best. I am responsible for the operation of both DNS resolvers and authoritative servers. Even if I were to do a wireshark dump on the machines hosting the DNS servers or at the router up from them, there wouldn't be any information to tell me what web link (URL) those clients are accessing, to tell me what protocols those clients are using, nor tell me what ports are being used by the clients to connect to the IPs provided — nothing at all about the service at that IP. I do not get a glimpse of the traffic you claim DNS has. DNS is a phonebook, it doesn't provide any details of what a client will do with the IP response. For all I know, the client could just be looking up the name for diagnostic reasons.

DNS is stateless, DNS is ignorant to the protocol it is being used to connect for, at most information a DNS server can contain in relation to use of DNS is time/date of use, client IP addresses, the name being requested along with the record type. Nothing else, there's no "this is being accessed on port 80"; "This is accessing hxxp://name.domain.tld/blah/blah/malware.exe". I don't even know if the client will be connecting to that name via TCP or UDP or if at all.
said by NOYB:


-snip-
Apparently they either weren't willing and only give lip service without sufficient action. Or they just don't have the necessary resources to accomplish the task. So too bad for them.

And again. Thank you Microsoft for doing what No-IP couldn't, or more likely, wouldn't do on their own. Please keep forcing the issue.

The problem with the approach Microsoft took is that they approached No-IP as if No-IP's own computers were hosting the malware/botnets/etc and expected them to take down the hosting of the malware. You can bet that if a DNS name was taken down, it'd be up at another address within the hour (and Microsoft would STILL be at NoIP's neck for "not adequately dealing with the problem") if it is used in an unethical operation. Someone malicious could just re-register using a stolen identity if their first identity was "banned". It'd be a losing battle to deal with it at DNS, I've seen firsthand, actual domain names use false whois information, hundreds to thousands of these domain names are registered per day, usually in .info and .biz (e.g. getviagrapharmaonline.biz, nikepradashoesonline.info or something) — given this action I think you'd be advocating for those domain registries to be dissolved because the registries know that there's abusive domains being registered, but not seeking process to terminate or suspend registration. Guess what? The registries will tell you "We just provide the domain name, go talk to the hosting provider because we host nothing here, we're just a registry."

To "force the issue" in my view, Microsoft would have to start taking on foreign Internet service providers (including hosting companies) like CyberBunker and other bulletproof service providers that often gloat publicly that they will host almost anything and everything and that due to the jurisdictions they're hosted in, they're immune from takedowns and equipment seizures as the result of criminal activity.

These bulletproof providers should be in Microsoft's crosshairs, not merely DNS pointer services. Microsoft needs to make it as hard as possible for those operations to keep in business. Microsoft has billions, it should put its money where its mouth is and bribe the right authorities in those jurisdictions to come down hard on these bulletproof operations.
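
The limit described in the post above, shown as an added example that is not part of the original thread: a parser for BIND-style query log lines that extracts every field a DNS operator gets per lookup and the only kind of per-name summary those fields support. The log format, hostnames and addresses are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, fields
from datetime import datetime

# Constructed sample lines in the style of a BIND 9 query log (not real traffic;
# hostnames are made up and addresses come from documentation ranges).
SAMPLE_LOG = """\
02-Jul-2014 10:15:23.101 queries: info: client 198.51.100.7#53211 (host-a.ddns-example.test): query: host-a.ddns-example.test IN A + (203.0.113.53)
02-Jul-2014 10:15:24.412 queries: info: client 198.51.100.7#40022 (host-a.ddns-example.test): query: host-a.ddns-example.test IN AAAA + (203.0.113.53)
02-Jul-2014 10:15:25.007 queries: info: client 192.0.2.44#61234 (host-b.ddns-example.test): query: host-b.ddns-example.test IN A + (203.0.113.53)
02-Jul-2014 10:15:25.950 queries: info: client 192.0.2.45#50001 (host-b.ddns-example.test): query: Host-B.ddns-example.test. IN A + (203.0.113.53)
02-Jul-2014 10:15:26.300 queries: info: client 192.0.2.46#50002 (host-b.ddns-example.test): query: host-b.ddns-example.test IN A + (203.0.113.53)
this line is not a query record
"""

# The "#port" after the client address is the source port of the DNS query
# itself. It says nothing about which port the client connects to afterwards.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) .*?"
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+"
    r".*?query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)


@dataclass(frozen=True)
class QueryRecord:
    """Everything one log line tells the DNS operator about one lookup."""
    when: datetime
    client_ip: str
    qname: str
    qtype: str


def parse_log(text):
    """Return a QueryRecord per query line; lines in another shape are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append(QueryRecord(
            when=datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
            client_ip=m["client"],
            # DNS names are case-insensitive; a trailing dot is the root label.
            qname=m["qname"].rstrip(".").lower(),
            qtype=m["qtype"].upper(),
        ))
    return records


def observable_fields():
    """Names of the fields available per query: no URL, no destination port,
    no transport of whatever connection (if any) follows the lookup."""
    return tuple(f.name for f in fields(QueryRecord))


def summarize(records):
    """Per-name metadata: query count, distinct clients, record types asked for."""
    counts = defaultdict(int)
    clients = defaultdict(set)
    qtypes = defaultdict(set)
    for r in records:
        counts[r.qname] += 1
        clients[r.qname].add(r.client_ip)
        qtypes[r.qname].add(r.qtype)
    return {
        name: {
            "queries": counts[name],
            "distinct_clients": len(clients[name]),
            "qtypes": sorted(qtypes[name]),
        }
        for name in counts
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("fields per query:", observable_fields())
    for name, stats in sorted(summarize(recs).items()):
        print(name, stats)
```
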
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

No-IP knows that this was happening on their servers and that it was bad enough that they were on various blacklists including RBL as seen in the blog post that I posted in a reply here. They have known that for example Facebook had them blocked outright. I mean come on really Facebook? Facebook who allows spyware etc to run rampant for the most part blocked them. That shows how bad it really is with them. While they mentioned Facebook by name they also stated that customers should understand that there will be interruptions and issues that come about because some bad apples ruin it for everyone (not their exact words, I paraphrased a bit). No-IP knew and knows what is happening but choose not to take action to stop it. They got what was coming to them and honestly they got less than what was coming to them.

You mentioned that MS went at them like they were hosting the malware. While it may not have been stored on their servers, without No-IP's servers the malware could not function. And No-IP again knew from complaints etc that this was happening and they admit to it on their blog post from 2 years ago. They again are aware of what is happening and do nothing. This is no different than if it was in fact hosted on their servers. And honestly who is to say they are not in fact getting paid by some of the 247 different malware programs' authors. Again it was 2 major infectors, the 2 worms that were newsworthy enough to mention by name, and 245 other types. Together the 247 different malware programs were likely responsible for infections into the 10s of millions.

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

DigitalXeron

Member

said by Nanaki:

No-IP knows that this was happening on their servers and that it was bad enough that they were on various blacklists including RBL as seen in the blog post that I posted in a reply here. They have known that for example Facebook had them blocked outright. I mean come on really Facebook? Facebook who allows spyware etc to run rampant for the most part blocked them. That shows how bad it really is with them. While they mentioned Facebook by name they also stated that customers should understand that there will be interruptions and issues that come about because some bad apples ruin it for everyone (not their exact words, I paraphrased a bit). No-IP knew and knows what is happening but choose not to take action to stop it. They got what was coming to them and honestly they got less than what was coming to them.

You mentioned that MS went at them like they were hosting the malware. While it may not have been stored on their servers, without No-IP's servers the malware could not function. And No-IP again knew from complaints etc that this was happening and they admit to it on their blog post from 2 years ago. They again are aware of what is happening and do nothing. This is no different than if it was in fact hosted on their servers. And honestly who is to say they are not in fact getting paid by some of the 247 different malware programs' authors. Again it was 2 major infectors, the 2 worms that were newsworthy enough to mention by name, and 245 other types. Together the 247 different malware programs were likely responsible for infections into the 10s of millions.

Facebook probably moved to block them because it went over some internal threshold for the whole domain. For the record, I see tens, maybe hundreds of thousands of spammers statistically originating from gmail addresses to perform registrations (because with gmail, you can get around bans on websites by just adding a dot into your gmail email somewhere and it's the same email but it will bypass the ban, e.g. "b.lah@gmail.com is the same as bl.ah@gmail.com is the same as blah@gmail.com"), but you don't see Google being blocked because it's a popular domain. No-IP just had the unfortunate situation of being not so popular.

"Without No-IP's servers the malware could not function". False. Botnets and like operations have terrifying efficiency in adapting, for all you know there could be backup domains at completely different locations that the bots are programmed to contact in the event the No-IP ones fail. Further, there have been and are in operation botnets that operate on a p2p basis, meaning that there's effectively a mesh network between the bots and all the bot herder has to do is send new links out for changes in strategy. At best this may hinder the malware spreading a bit, but already malware operations have adapted, I haven't seen anyone coming out with numbers yet saying that this "bust" brought down spam levels or anything definitively operationally relevant. The only numbers I've seen is the malware that has been identified, that "247" figure and whatnot which doesn't identify how many computers have been disconnected and/or neutralized from the malware completely, that's because the malware hasn't been neutralized.

Also, about things being newsworthy? The news reports on what will get them ratings, this includes sensationalizing aspects to make it sound like this really did something, but from my professional perspective, it didn't and just victimized a bunch of innocent bystanders. Had Microsoft actually committed to doing the right thing, they'd go after the web hosting companies, the ISPs, the actual computers these operations are coordinated from and the individuals — the people personally responsible for the malware. If what you said was true about being paid off, Microsoft should have sought that element and to pass the case off to Law Enforcement to have No-IP's management charged criminally.

Microsoft some months back did good when they assisted the FBI and whatnot in bringing down the ZeroAccess botnet last December. That is what they should be doing, and continue to do.

The matter of the situation is: These malware issues are crimes, therefore it should be law enforcement that is bringing criminal charges against these operations, not up to Microsoft to pursue civil suits. Microsoft is not law enforcement, it should assist and push the point about these criminal operations yes, but it itself shouldn't pose as law enforcement.