

Microsoft Takes Aim At Nitol Botnet

By Ken Presti
September 13, 2012    5:53 PM ET

A gap in security within the PC supply chain has led Microsoft to take action against a botnet known as Nitol. The Redmond, Wash.-based software vendor has also been granted court authority to take control of the 3322.org domain and approximately 70,000 of its subdomains, which are believed to be hosting the malware's command-and-control infrastructure.

The malware is believed to have been loaded, at some undetermined point in the supply chain, onto brand-new PCs produced in China, which were then distributed around the globe in an already-infected state. The same machines also appear to be running counterfeit copies of Windows.

Most of the infections have been found in China, but approximately 10 percent of the devices are believed to have been shipped to the United States. Most of the command-and-control servers are believed to be located in China.
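Because the court order covers 3322.org and its subdomains, the simplest network-side check for an infected machine is to look for DNS queries that fall inside that zone. The following is an added detection example written for this article, not code from Microsoft or from the Nitol investigation; the log format, client addresses and query names in it are constructed for illustration. Note that the zone check is done on label boundaries so that look-alike names such as `x3322.org` are not counted, and that 3322.org also served legitimate dynamic-DNS users, so a hit is a lead to triage rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# The domain named in the court order reported above; every subdomain of it
# falls within the takeover's scope, so we match the whole zone.
SEIZED_DOMAIN = "3322.org"


def in_seized_zone(name: str, zone: str = SEIZED_DOMAIN) -> bool:
    """True if `name` is `zone` itself or any subdomain of it.

    The match is done on label boundaries: a plain suffix test would also
    accept look-alikes such as 'x3322.org', so we require equality or a
    '.' immediately before the zone. Trailing dots and case are ignored,
    since resolvers log both 'foo.3322.org.' and 'FOO.3322.ORG'.
    """
    n = name.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return n == z or n.endswith("." + z)


@dataclass
class DnsHit:
    ts: str
    client: str
    qname: str


# Constructed log line shape (an assumption for this example, not a real
# resolver's format): "<timestamp> client=<ip> query=<name> type=<rrtype>"
_LINE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)\s+type=(?P<rtype>\S+)$"
)


def scan_dns_log(lines: Iterable[str], zone: str = SEIZED_DOMAIN) -> List[DnsHit]:
    """Return every query in `lines` whose name lies inside `zone`.

    Malformed lines are skipped rather than raising, so one bad record
    does not abort a scan over a large log.
    """
    hits: List[DnsHit] = []
    for line in lines:
        m = _LINE.match(line.strip())
        if not m:
            continue
        if in_seized_zone(m["qname"], zone):
            hits.append(DnsHit(m["ts"], m["client"], m["qname"].lower().rstrip(".")))
    return hits


def suspect_clients(hits: Iterable[DnsHit]) -> List[str]:
    """Distinct client addresses that queried the seized zone, for triage."""
    return sorted({h.client for h in hits})


# Constructed sample log: two queries inside the zone (one with a trailing
# dot, one upper-case), one look-alike, one unrelated name, one bad line.
SAMPLE_LOG = [
    "2012-09-13T17:53:01Z client=10.0.0.21 query=update.3322.org. type=A",
    "2012-09-13T17:53:02Z client=10.0.0.22 query=www.example.com type=A",
    "2012-09-13T17:53:03Z client=10.0.0.23 query=x3322.org type=A",
    "2012-09-13T17:53:04Z client=10.0.0.24 query=3322.ORG type=AAAA",
    "this line is not a DNS record",
]


if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} -> {hit.qname}")
    print("clients to triage:", suspect_clients(scan_dns_log(SAMPLE_LOG)))
```

On the sample above, only the two queries for `update.3322.org` and `3322.org` are reported; the look-alike `x3322.org` is correctly ignored. Against a real resolver log you would replace the regex with a parser for that resolver's format and feed the client list into host triage.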


"What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer," said Microsoft Assistant General Counsel Richard Domingues Boscovich in a published blog. "So how can someone know if they’re buying from an unsecure supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can’t tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware."

The malware is believed to support a wide range of malicious capabilities, including denial-of-service attacks, rootkits, keyloggers and backdoors, and investigators have tied roughly 500 strains of malware to the operation.

"Microsoft took action against the Nitol botnet as part of our Project MARS (Microsoft Active Response for Security) Program commitment to proactively eliminate malware threats that target our customers and cloud-based services," the blog continued. "We filed suit in the U.S. District Court for the Eastern District of Virginia alleging many of the same violations committed by the operators of the Waledac, Rustock and Kelihos botnets."

The investigation began approximately a year ago, after malware was found on a series of computers manufactured at several locations in China. The malware is also believed to spread from machine to machine via USB drives.

The initiative, known as "Operation b70," represents Microsoft's second move against a botnet this year. The previous attempt was aimed at the Zeus botnet in March.
