Microsoft’s Anti-Malware “Sneak Attack” Leaves 4M Sites Down

Microsoft launched a sneak attack against malware earlier this week that did lead to two major malware networks being taken down—unfortunately at the expense of 4 million legitimate sites that were swept up as collateral damage.

The “sneak attack” was carried out after a Nevada judge gave the company permission to take control over nearly two dozen domains belonging to, a company that provides dynamic domain name services (DNS), reports security blogger Brian Krebs.

DNS is the function that translates text based URL’s into numeral based IP addresses for web servers. Dynamic DNS services allow the DNS automatically update itself when the IP of the host computer changes.  Two malware networks, those propagating the Trojan malware programs NJrat and NJw0rm – were using the dynamic DNS services offered by to keep infected computers connected with their own malware command-and-control servers.

While Microsoft did manage to take down the malware networks, they seem to have come at a high cost, that has left no-ip’s ownership and millions of its customers complaining.

“They made comments that they’d only taken down bad hostnames and were supposedly redirecting all good traffic through to users, but it’s not happening, and they’re not able to handle our traffic volumes,” Goguen said. “Many legitimate users that use our services have been down all day,” said marketing manager Natalie Goguen.

The Goguen further complained that though Microsoft had complained of 18,000 bad sites, the operation had in fact only taken down 2,000, meaning Microsoft basically swatted a fly with a sledgehammer.

“So, to go after 2,000 or so bad sites, [Microsoft] has taken down four million.”

The Nevada court that ruled to give Microsoft the power to take down the remote access malware networks noted that had received several warnings about potential malicious uses of their service, which they declined to act on.  The company denies that this is the case.


“What’s Hot” is aggregated content. claims no responsibility for the accuracy of the content published by the original source.



New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

1 Comment