Microsoft Settles Nitol Botnet Case
Peng Yong, the owner of 3322.org, denies knowing about any malware being hosted on the domain.
Microsoft recently announced that it has reached a settlement with Peng Yong, the owner of the domain 3322.org, which hosted Nitol and other malware.
"Microsoft took over the website in September, its fifth disruptive action against malware as part of its Project MARS (Microsoft Active Response for Security) initiative," Infosecurity reports. "After looking into whether pirated copies of Windows were making their way onto PCs in the production process in China, the discovery of pre-installed malware prompted a legal action and technical offensive that Microsoft codenamed Operation b70, targeted at cutting off Nitol and other malware at its host."
"The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322.org domain controlled by Peng and Bei Te Kang Mu Software. ... Traffic to those 3322.org subdomains will be directed to sinkholes run in cooperation with either Microsoft or the China CERT (CN-CERT), according to the agreement, and log information about the computers trying to connect to the subdomains will be shared with CN-CERT," writes Network World's Tim Greene.
"Yong has denied knowing about any malicious activity that may have taken place on the domain and subdomains, which was outlined in the original complaint," writes SC Magazine's Danielle Walker. "As part of the settlement, Microsoft has dropped the suit against Yong."
"Fighting botnets will always be a complex and difficult endeavor as cybercriminals find new and creative ways to infect people’s computers with malware, whether for financial gain or other nefarious purposes," Richard Domingues Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit, wrote in a blog post. "However, those working to combat cybercrime continue to make progress, and Microsoft remains committed to protecting its customers and services and to making it difficult for cybercriminals to take advantage of innocent people for their dirty work."