June 15, 2021

Microsoft reaches settlement with domain operator linked to the Nitol botnet

(LiveHacking.Com) – Microsoft has reached a legal settlement with the hosting company which operated 3322.org, a domain linked to the Nitol botnet. The deal, which was reached with Peng Yong and his company Changzhou Bei Te Kang Mu Software Technology, is the result of an investigation Microsoft conducted into counterfeit Windows PCs made in China.

Microsoft discovered that consumers in China were buying cheap counterfeit Windows-based PCs which came with malware pre-installed. The malware, known as Nitol, was used to run distributed denial of service (DDoS) attacks as well as to create backdoors on the PCs. The domain 3322.org was part of the infrastructure supporting the botnet. Subsequently, Microsoft started legal action to take control of the 70,000 malicious subdomains hosted on 3322.org.

The investigation revealed that the malware was not being pre-installed on computers in the factory. Rather, the cybercriminals had disreputable distributors or resellers load the malware-infected counterfeit software onto the computers before the final delivery to the customer.

Now, Peng Yong has agreed to work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) authorities to stop any further misuse of servers in his company. Any future black-listed domains will be moved into a sinkhole that has been established by CN-CERT. Yong is also required to fix the systems of anyone affected by the botnet. Microsoft has already started to contact the Nitol victims with the help of the Shadow Server Foundation.

Since taking control of 3322.org, just over two weeks ago, Microsoft has been able to block more than 609 million connections from over 7,650,000 unique IP addresses.

“Fighting botnets will always be a complex and difficult endeavor as cybercriminals find new and creative ways to infect people’s computers with malware, whether for financial gain or other nefarious purposes. However, those working to combat cybercrime continue to make progress, and Microsoft remains committed to protecting its customers and services and to making it difficult for cybercriminals to take advantage of innocent people for their dirty work,” wrote assistant general counsel for Microsoft Digital Crimes Unit Richard Domingues Boscovich.
