Earlier this week, the U.S. District Court for the Eastern District of Virginia granted Microsoft's Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people.
Codenamed "Operation b70," this legal action and technical disruption was Microsoft's second botnet disruption in the last six months.
A supply chain between a manufacturer and a consumer becomes insecure when a distributor or reseller receives or sells products from unknown or unauthorized sources. In Operation b70, Microsoft discovered that China-based retailers were selling computers loaded with counterfeit versions of Windows software embedded with harmful malware. Malware allows criminals to steal a person's personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts.
Microsoft's research into Nitol uncovered that the botnet was being hosted on a domain linked to malicious activity since 2008. This study also revealed that in addition to hosting b70, 3322.org contained a staggering 500 different strains of malware hosted on more than 70,000 sub-domains. Microsoft found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business. Additionally, Microsoft found malware that records a person's every keystroke, allowing cybercriminals to steal a victim's personal information. The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware.
On Sept. 10, the U.S. District Court for the Eastern District of Virginia granted Microsoft's request for an ex parte temporary restraining order against Peng Yong, his company and other John Does. The order allows Microsoft to host the 3322.org domain, which hosted the Nitol botnet, through Microsoft's newly created domain name system (DNS). This system enables Microsoft to block operation of the Nitol botnet and nearly 70,000 other malicious subdomains hosted on the 3322.org domain, while allowing all other traffic for the legitimate subdomains to operate without disruption.
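The selective takeover described above, in which the operator of a seized parent zone answers known-malicious subdomains with a sinkhole address while the zone's legitimate subdomains keep resolving, can be illustrated with a small decision routine. The code below is an added example, not Microsoft's code or any part of its DNS system: the parent zone name comes from the article, but every subdomain, address, record and query in it is constructed for illustration, and the sinkhole address is taken from the RFC 5737 documentation range.

```python
"""Selective DNS sinkhole decision logic (constructed example, not Microsoft's
code).  Models the approach described above: the operator of a seized parent
zone answers known-malicious subdomains with a sinkhole address while letting
the zone's legitimate subdomains resolve normally.  Every subdomain, address
and query below is constructed for illustration."""

from collections import Counter
from dataclasses import dataclass
from typing import Optional

SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation range, constructed value


@dataclass(frozen=True)
class Decision:
    qname: str
    action: str            # "sinkhole", "resolve", "nxdomain" or "forward"
    answer: Optional[str]  # address returned, if any
    reason: str


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'Host.Example.' == 'host.example'."""
    return name.strip().rstrip(".").lower()


class SelectiveSinkhole:
    def __init__(self, seized_zone, blocked_subdomains, zone_records):
        self.zone = normalize(seized_zone)
        # A blocked entry matches itself and every label beneath it.
        self.blocked = {normalize(b) for b in blocked_subdomains}
        # Legitimate records of the seized zone, kept serving as before.
        self.records = {normalize(k): v for k, v in zone_records.items()}

    @staticmethod
    def _under(name: str, zone: str) -> bool:
        """True if name equals zone or is a subdomain of it (label-aware)."""
        return name == zone or name.endswith("." + zone)

    def decide(self, qname: str) -> Decision:
        name = normalize(qname)
        if not self._under(name, self.zone):
            return Decision(name, "forward", None, "outside seized zone")
        for b in self.blocked:
            if self._under(name, b):
                return Decision(name, "sinkhole", SINKHOLE_IP, f"matches blocked entry {b}")
        if name in self.records:
            return Decision(name, "resolve", self.records[name], "legitimate zone record")
        return Decision(name, "nxdomain", None, "no record and not blocked")


def sinkhole_hits(resolver: SelectiveSinkhole, query_log) -> dict:
    """Count sinkholed queries per client address.  Sinkhole query logs are
    what lets the operator see which hosts are still trying to reach the
    botnet, which is the notification/remediation side of a takedown."""
    hits = Counter()
    for client_ip, qname in query_log:
        if resolver.decide(qname).action == "sinkhole":
            hits[client_ip] += 1
    return dict(hits)


# Constructed blocklist and zone data standing in for the seized zone's records.
RESOLVER = SelectiveSinkhole(
    seized_zone="3322.org",
    blocked_subdomains=["bad-c2-example.3322.org", "evil-dropper-example.3322.org"],
    zone_records={
        "legit-blog-example.3322.org": "198.51.100.7",
        "home-nas-example.3322.org": "198.51.100.8",
    },
)

# Constructed query log: (client address, queried name).
QUERY_LOG = [
    ("203.0.113.10", "bad-c2-example.3322.org"),
    ("203.0.113.10", "update.bad-c2-example.3322.org"),
    ("203.0.113.11", "legit-blog-example.3322.org"),
    ("203.0.113.12", "evil-dropper-example.3322.org."),
    ("203.0.113.11", "www.example.net"),
]

if __name__ == "__main__":
    for client, q in QUERY_LOG:
        d = RESOLVER.decide(q)
        print(f"{client} {d.qname}: {d.action} ({d.reason})")
    print("sinkholed queries per client:", sinkhole_hits(RESOLVER, QUERY_LOG))
```

The blocklist is checked before the legitimate records so that a blocked name always wins, and matching is done on whole labels (`".” + entry`) so that a lookalike such as `notbad-c2-example.3322.org` is not swept up by the `bad-c2-example` entry. Names outside the seized zone are marked for forwarding to an ordinary upstream resolver rather than answered locally.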