Microsoft Disrupts Nitol Botnet
The company found that PCs were being infected during manufacture in China.
Microsoft today announced that its Digital Crimes Unit had received permission from the U.S. District Court for the Eastern District of Virginia to "disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people."
"Codenamed 'Operation b70,' this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers," Richard Domingues Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit, wrote in a blog post. "In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet, our second botnet disruption in the last six months."
"Boscovich said the operation began more than a year ago with the purchase of 20 computers manufactured and sold in several cities in China. Four pieces of malware -- Nitol, Trafog, Malat (all backdoors) and EggDrop -- were found on several machines," writes Threatpost's Michael Mimoso. "Nitol was the only malware that was active and was trying to connect to a command-and-control server."
"Microsoft has previously disrupted the Kelihos (around 100,000 machines) and Zeus botnets (around 13 million infections) by working closely with US officials," writes The Verge's Tom Warren. "For this week's Nitol botnet disruption, a court granted Microsoft's request to take over the 3322.org domain name, which hosted the Nitol botnet, through a DNS redirect -- allowing the company to block Nitol and other malicious subdomains hosted at the site, including over 37 million malware connections."
"DNS security firm Nominum helped in the legal case ... as well as assisting Microsoft in filtering the 3322.org domain traffic," writes The Register's John Leyden.
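A defender-side check tied to the domain takeover described above, added here as an example and not part of the original article or of Microsoft's or Nominum's tooling: a small Python scanner that flags resolver log entries querying 3322.org or any label beneath it, so a network owner can find hosts that were still trying to reach the sinkholed zone. The log format and client addresses are constructed.

```python
import re

# Domain taken over by court-ordered DNS redirect, as named in the article.
SINKHOLED_ZONE = "3322.org"

# Constructed sample resolver query log in a BIND-like format; these entries
# are made up for the example and are not real telemetry.
SAMPLE_LOG = """\
12-Sep-2012 10:01:02 client 10.0.0.5#51234: query: update.3322.org IN A
12-Sep-2012 10:01:03 client 10.0.0.7#40211: query: www.example.com IN A
12-Sep-2012 10:01:04 client 10.0.0.9#33002: query: c2.eu.3322.ORG. IN A
12-Sep-2012 10:01:05 client 10.0.0.5#51240: query: not3322.org IN A
12-Sep-2012 10:01:06 client 10.0.0.5#51241: query: 3322.org IN TXT
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so 'Foo.3322.ORG.' compares cleanly."""
    return name.rstrip(".").lower()

def in_zone(qname: str, zone: str = SINKHOLED_ZONE) -> bool:
    """True if qname is the zone apex or any label below it.
    Label-aware: 'not3322.org' must not match '3322.org'."""
    q, z = normalize(qname), normalize(zone)
    return q == z or q.endswith("." + z)

def flag_queries(log_text: str, zone: str = SINKHOLED_ZONE):
    """Return (client, qname) pairs for every query into the sinkholed zone."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and in_zone(m.group("qname"), zone):
            hits.append((m.group("client"), normalize(m.group("qname"))))
    return hits

def clients_by_hit_count(hits):
    """Count flagged queries per client to prioritise which hosts to examine."""
    counts = {}
    for client, _ in hits:
        counts[client] = counts.get(client, 0) + 1
    return counts

if __name__ == "__main__":
    for client, qname in flag_queries(SAMPLE_LOG):
        print(f"{client} queried {qname}")
```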