On Monday, June 30, Microsoft filed a civil suit in a Nevada federal court to disrupt Bladabindi-Jenxcus, a pervasive family of malware that put millions of customers at risk.
Today, both Microsoft Corporation and Vitalwerks Internet Solutions, LLC announce they have reached a settlement in the matter of Microsoft Corporation v. Mutairi, et al.
Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks’ services.
Microsoft identified malware that had escaped Vitalwerks’ detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.
In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.
This seems a very weak joint statement. Microsoft were totally in the wrong by not following industry standards and protocols which ultimately affected a huge volume of innocent websites. While I appreciate the valiant efforts Microsoft put into trying to keep the net clean, they have to follow due procedure and minimise the disruption to legitimate users. Hopefully they have learned their lesson and I presume they are sending a truck load of money to the NoIP offices as I speak.
Congratulations No-IP! I am glad this got resolved. 🙂
—
I do however find it curious that the M$ DCU is still up to its tricks with their own malware devices. If you take a peek at their announcement on twitter at https://twitter.com/MicrosoftDCU/status/483715297111592962 you might find a deceptive practice with one of their “short” url links pointing to an alternate host yet it is advertised as going elsewhere in the text. Their page has been documented and archived in case it is possible for them to change it to deny accountability.
repost as I don’t know if this went through… sorry for the extra noise if so…
—
Congratulations No-IP! I am glad this got resolved. 🙂
—
I do however find it curious that the M$ DCU is still up to its tricks with their own malware devices. If you take a peek at their announcement on twitter at https://twitter.com/MicrosoftDCU/status/483715297111592962 you might find a deceptive practice with one of their “short” url links pointing to an alternate host yet it is advertised as going elsewhere in the text. Their page has been documented and archived in case it is possible for them to change it to deny accountability.
I think Microsoft should be sued for intentional mishandling of this situation. Their heavy-handedness caused many headaches and much rework on the part of myself and several our employees. How much private data did Microsoft scan and keep? How do we know they didn’t plant their own malware? How do we know this wasn’t just a ploy to target some specific domains used by competitive small businesses to rob them of their IP?
Microsoft when will you learn! Thank you for bringing it up but not in the right way. I had cotinous problems accessing my server and then magically it worked today… Sucks that they can push around small companies like this!
Pardon my ignorance. Does anyone know the specific law that allows one company to commandeer DNS from another company based on “Malware”. With all the malware floating around the internet it would be amazing that any IP service related company could hold DNS for longer that one day at a time!?!? What am I missing here that it is possible for Microsoft to do this?