After a failed attempt to eradicate malicious users of dynamic DNS service provider No-IP without also taking down legitimate users, Microsoft has returned the domains it seized from No-IP last week.
Last week, Microsoft was granted a court order that allowed it to take several domains owned by Vitalwerks, the company behind No-IP, and used by customers for their own sub-domains.
Microsoft alleged that No-IP did too little to stop its domains from being used by cybercriminals, and it intended to block only computers involved in a botnet. But when Microsoft took action against these bad actors on Monday, June 30, it made a technical error that affected all the domains’ hostnames, not just malicious ones.
On Thursday, July 3, No-IP reported in a message to customers that the 23 domains Microsoft had seized had been returned to it, and that it would take up to 24 hours for the DNS to fully propagate.
Microsoft has participated in domain seizures before in an attempt to disrupt malware, as Ars Technica and others have noted. Its procedures typically involve surprise technical and legal measures, which sometimes eliminate legitimate threats, but they can also, as in this case, backfire.