
Microsoft reaches agreement with web host linked to counterfeit Windows botnet

02 Oct 2012

Microsoft has announced it has reached a settlement with the domain hosting firm responsible for hosting the Nitol botnet.

Microsoft struck a deal which will see operator Peng Yong work with it and Chinese authorities to prevent his hosting company from supporting the infrastructure of the Nitol botnet. The settlement ends a lengthy Microsoft investigation into Chinese counterfeit Windows PCs.

"Fighting botnets will always be a complex and difficult endeavour as cyber criminals find new and creative ways to infect people's computers with malware, whether for financial gain or other nefarious purposes," said assistant general counsel for Microsoft Digital Crimes Unit, Richard Boscovich, in a blog post.

"However, those working to combat cyber crime continue to make progress, and Microsoft remains committed to protecting its customers and services and to making it difficult for cyber criminals to take advantage of innocent people for their dirty work."

Last month, Microsoft announced the discovery of counterfeit Windows PCs which were being sold in China with pre-installed malware.

During an investigation into PC supply chains in early September, the company found that consumers in China were purchasing knockoff Windows machines pre-packaged with the Nitol botnet.

Nitol would carry out a distributed denial of service (DDoS) attack on systems and create backdoor access for more malware to cripple a user's computer. Microsoft discovered that Nitol was being supported by and attempted to shut down the domain provider.

Yong will now work with the Chinese Computer Emergency Response Team (CN-CERT) to make sure is no longer used to host botnets.

Yong will send any "black-listed" domains to CN-CERT where they will be moved to a sinkhole set up by the Chinese authorities. The owner will also be obligated to help anyone affected by the Nitol botnet by fixing their systems.

Yong defended his company when news of the Nitol botnet first broke, claiming that opposed hosting illegal content, but the size of its user base made it hard to police content.

Microsoft has begun notifying victims of the Nitol botnet by sharing infected IP information with the Shadow Server Foundation. The foundation is a group of volunteer internet security staff who gather and track potential malware threats.

James Dohnert

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club, and Shonen Jump magazine. He studied Journalism at Weber State University.
