Microsoft has been very active in its attempts to go after criminal botnets in the past few years. Earlier in 2012, the company announced it had shut down an operation that was using variants of the Zeus malware program. Today, the company announced it has launched what it called Operation b70 to go after the Nitol botnet.
In a post on its official blog, Microsoft said the operation began with the discovery that the malware associated with the botnet was being distributed via unofficial PC sales. The post states:
"In Operation b70, we discovered that retailers were selling computers loaded with counterfeit versions of Windows software embedded with harmful malware. Malware allows criminals to steal a person’s personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware."
The investigation led Microsoft to a domain, 3322.org, that had 500 different versions of malware hosted on more than 70,000 sub-domains. Microsoft claims that some of the malware was capable of turning on a PC's webcam and microphone remotely, along with recording keystrokes and other activities.
Microsoft was granted control of this domain on Sept. 10, which allowed "Microsoft to block operation of the Nitol botnet and nearly 70,000 other malicious subdomains hosted on the 3322.org domain, while allowing all other traffic for the legitimate subdomains to operate without disruption."
Source: Microsoft blog