Microsoft seizes Chinese botnet domain

By on
Microsoft seizes Chinese botnet domain

Wins court injunction against alleged owners.

Microsoft is preparing to seize a Chinese-owned domain and up to 70,000 sub-domains believed to host a malicious botnet aimed at performing distributed denial of service attacks through infected machines.

A United States District Court granted the software giant's request to host the 3322.org domain, beileved to be the source of the emerging Nitol botnet and more than 500 other different strains of malware with the potential for targeting millions of innocent people.

It placed a restraining order against the alleged owners of the domain — Peng Yong, Bei Tei Kang Mu Software Technology trading as Bitcomm Ltd, and up to three other unnamed people — for violating federal law, according to court papers.

The Associated Press reported that Peng was not aware of the court injunction and denies allegations of hosting malware.

Nitol spreads through the network and removable devices such as USB sticks. It performs distributed denial of service attacks and also allows attackers to run arbitrary software on infected systems.

The malware is most likely of Chinese origin and concentrated mainly that country, but has spread around the world with infections in the US, Russia, Australia and Germany and Microsoft.

Richard Boscovich, a former US federal prosecutor and now assistant general counsel for Microsoft's Digital Crime Unit, said the company had discovered instances of the malware being distributed on machines sold through retailers with counterfeit versions of Windows.

"What's especially disturbing is that the counterfeit software embedded with malware could have entered the [supply] chain at any point as a computer travels among companies that transport and resell the computer," Boscovich wrote in a blog entry.

He argued that as people can't tell if a supply chain is unsecure or not, exploitation of a broken one is an "especially dangerous vehicle for infecting people with malware".

The company had begun tracking down the source of the botnet and the insecure supply chain under Operation b70 since August last year, buying 20 computers from different cities in China.

One, a Hedy laptop running Windows XP Service Pack 3, was found to have been "carelessly or intentionally infected with Nitol".

Although the malware has come to the fore this year, Boscovich suggested the botnet was "being hosted on a domain linked to malicious activity since 2008".

However, Boscovich said that Peng had ignored past warnings by other online security firms.

According to cloud security firm Zscaler, the 3322.org domain accounted for more than 17 percent of the world's malicious web traffic in 2009 and, since the court order, over 37 million malware connections to the domain have been blocked.

Microsoft has taken action against several botnets in recent months, including tracking down two Russians allegedly behind the Zeus Botnet.

The company also claims to have disrupted the Waledac, Rustock and Kelihos botnets over the past two years.

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?