Microsoft has dismissed a lawsuit against the operator of the 3322.org domain, which hosted the emerging Nitol botnet.
Two weeks ago a Microsoft study looking into unsecure supply chains led to the discovery of the emerging Nitol botnet, which was hosted by the 3322.org domain. In order to address this threat, Microsoft filed suit to take control of the 70,000 malicious subdomains hosted on 3322.org.
Microsoft today announced it has resolved the issues in the case and has dismissed the lawsuit pursuant to the agreement. As part of the settlement, the operator of 3322.org, Peng Yong, has agreed to work in cooperation with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT).
According to the agreement, 3322.org will block all connections to any of the subdomains identified in a "block-list" by directing them to a sinkhole computer designated and managed by CN-CERT. New subdomains will be added to the block-list as Microsoft and CN-CERT identify new 3322.org subdomains associated with malware. In addition, 3322.org will cooperate in all reasonable and appropriate steps to identify the owners of infected computers in China and assist those individuals in removing malware infections from their computers.
Since the case is settled, all evidence and discovery collected during Microsoft's investigation will be handed over to CN-CERT, who will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law.