Malware authors, however, like to leverage services like No-IP to distribute and control their malicious software. They can constantly change IP addresses for CNC servers without knocking their network offline. These sites make up a tiny percentage of the total, of course. According to Microsoft’s court papers, around 18,000 No-IP names were part of the njrat and njworm malware network.
The plan was to descend upon No-IP’s network, take out the offenders, and filter the rest of the service’s traffic so that legitimate sites weren’t affected. As it turned out, Microsoft wasn’t able to make good on that promise. Support requests from No-IP customers that can’t access their sites are piling up, and No-IP is understandably miffed.
To make matters worse, No-IP said that the vast majority of the names Microsoft listed were no longer active when they showed up on No-IP’s doorstep. In fact, only about 2,000 out of the 18,000 were. The other 3,998,000? Well, you’re bound to hit a few things by accident when you swing a really big hammer, eh, Microsoft?