Microsoft reaches agreement with web host linked to counterfeit Windows botnet

02 Oct 2012

Microsoft has announced it has reached a settlement with the domain hosting firm responsible for hosting the Nitol botnet.

Microsoft struck a deal which will see operator Peng Yong work with it and Chinese authorities to prevent his hosting company from supporting the infrastructure of the Nitol botnet. The settlement ends a lengthy Microsoft investigation into Chinese counterfeit Windows PCs.

"Fighting botnets will always be a complex and difficult endeavour as cyber criminals find new and creative ways to infect people's computers with malware, whether for financial gain or other nefarious purposes," said Richard Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit, in a blog post.

"However, those working to combat cyber crime continue to make progress, and Microsoft remains committed to protecting its customers and services and to making it difficult for cyber criminals to take advantage of innocent people for their dirty work."

Last month, Microsoft announced the discovery of counterfeit Windows PCs that were being sold in China with malware pre-installed.

During an investigation into PC supply chain lines in early September, the company found that consumers in China were purchasing knockoff Windows machines pre-packaged with the Nitol botnet.

Nitol would carry out a distributed denial of service (DDoS) attack on systems and create backdoor access for more malware to cripple a user's computer. Microsoft discovered that Nitol was being supported by and attempted to shut down the domain provider.

Yong will now work with the Chinese Computer Emergency Response Team (CN-CERT) to make sure is no longer used to host botnets.

Yong will send any "black-listed" domains to CN-CERT where they will be moved to a sinkhole set up by the Chinese authorities. The owner will also be obligated to help anyone affected by the Nitol botnet by fixing their systems.

Yong defended his company when news of the Nitol botnet first broke, claiming that opposed hosting illegal content, but the size of its user base made it hard to police content.

Microsoft has begun notifying victims of the Nitol botnet by sharing infected IP information with the Shadowserver Foundation. The foundation is a group of volunteer internet security staff who gather and track potential malware threats.

James Dohnert

James is a freelance writer and editor. In addition to ClickZ, his work has appeared in publications like V3, The Commonwealth Club,, and Shonen Jump magazine. He studied Journalism at Weber State University.
