In mid-September, Microsoft announced what it called "Operation b70", an effort to shut down the Nitol botnet. This particular botnet was based, at least in part, on malware that was actually pre-loaded onto "computers loaded with counterfeit versions of Windows software."
The effort included going after a particular Internet domain, 3322.org, that had 500 different versions of malware that were hosted on more than 70,000 sub-domains. At the time, the company filed a lawsuit against the owner of the domain. Today, Microsoft announced that it has now reached a settlement with the owner of the domain, Peng Yong.
The terms of the settlement include Yong working with both Microsoft and the Chinese Computer Emergency Response Team on a way to direct all of the malware-infected PCs to a "sinkhole" in the 3322.org sub-domains.
Microsoft's blog added:
Of note, in the 16 days since we began collecting data on the 70,000 malicious subdomains, we have been able to block more than 609 million connections from over 7,650,000 unique IP addresses to those malicious 3322.org subdomains. In addition to blocking connections to the malicious domains, we have continued to provide DNS services for the unblocked 3322.org subdomains. For example, on Sept. 25, we successfully processed 34,954,795 DNS requests for 3322.org subdomains that were not on our block list.
The company has previously said some of the malware that were a part of the botnet were capable of turning on a PC's webcam and microphone remotely, along with recording key strokes and other activities.
Source: Microsoft News blog | Image via Microsoft
2 Comments - Add comment