Microsoft Settles with Defendants in Nitol Botnet Case

Last month, we reported on an operation conducted by Microsoft to disrupt the Nitol botnet. The operation, titled Operation b70, was the result of a Microsoft study that discovered pirated copies of Windows with malware embedded in them. As part of the operation, Microsoft's Digital Crimes Unit asked to be allowed to take control of the domain that was used to host the botnet.

Richard Domingues Boscovich, Assistant General Counsel for the Microsoft Digital Crimes Unit, stated in a blog post that Microsoft has reached a settlement with Peng Yong, the operator of the domain. He states:

Today, I am pleased to announce that Microsoft has resolved the issues in the case and has dismissed the lawsuit pursuant to the agreement. As part of the settlement, the operator of, Peng Yong, has agreed to work in cooperation with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) to:

· Resume providing authoritative name services for, at a time and in a manner consistent with the terms and conditions of the settlement.

· Block all connections to any of the subdomains identified in a “block-list,” by directing them to a sinkhole computer which is designated and managed by CN-CERT.

· Add subdomains to the block-list, as new subdomains associated with malware are identified by Microsoft and CN-CERT.

· Cooperate, to the extent necessary, in all reasonable and appropriate steps to identify the owners of infected computers in China and assist those individuals in removing malware infection from their computers.

In accordance with the settlement, Peng Yong will work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) to remove all malware associated with the domain and to bring to justice those responsible for spreading it.

Richard also shared some statistics regarding the blocked subdomains.

Of note, in 16 days since we began collecting data on the 70,000 malicious subdomains, we have been able to block more than 609 million connections from over 7,650,000 unique IP addresses to those malicious subdomains. In addition to blocking connections to the malicious domains, we have continued to provide DNS services for the unblocked subdomains. For example, on Sept. 25, we successfully processed 34,954,795 DNS requests for subdomains that were not on our block list.
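The block-list and sinkhole arrangement in the settlement terms above, and the counts Richard reports (blocked connections, unique source addresses, requests still served for unblocked subdomains), can be illustrated with a small resolver-side model. The following is an added example written for this post; it is not Microsoft's, CN-CERT's or the domain operator's code. The block-list entries, the sinkhole address (192.0.2.1, from the documentation range), the upstream answers and the query log are all constructed placeholders, and the block-list matching rule (a listed subdomain also covers its children, while the parent domain itself stays unblocked) is an assumption about how such a list would be applied, not something stated in the post.

```python
from collections import Counter

# Constructed block-list: subdomains identified as associated with malware.
# Placeholder names only; the real list is not published in the post.
BLOCK_LIST = {"evil1.example.test", "bad.example.test"}

# Address of the sinkhole host the blocked connections are directed to
# (documentation-range placeholder, not a real sinkhole).
SINKHOLE_IP = "192.0.2.1"

# Constructed stand-in for the authoritative zone data that is still served
# for subdomains that are not on the block-list.
UPSTREAM = {"good.example.test": "203.0.113.5"}


def normalize(qname):
    """Canonical form of a queried name: lower-case, no trailing dot."""
    return qname.rstrip(".").lower()


def is_blocked(qname, block_list=BLOCK_LIST):
    """True if the name, or any parent label set of it, is on the block-list.

    Assumption: listing 'bad.example.test' also sinkholes 'www.bad.example.test',
    but the apex 'example.test' itself is never matched unless explicitly listed.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in block_list for i in range(len(labels)))


def resolve(qname, upstream=UPSTREAM, block_list=BLOCK_LIST):
    """Return (answer, action): the sinkhole address for block-listed names,
    otherwise the normal authoritative answer (None if the name is unknown)."""
    if is_blocked(qname, block_list):
        return SINKHOLE_IP, "sinkholed"
    return upstream.get(normalize(qname)), "forwarded"


def summarize(query_log, block_list=BLOCK_LIST):
    """Aggregate a (client_ip, qname) log into the kind of figures quoted
    in the post: blocked connections, unique blocked source IPs, and
    requests answered normally for unblocked subdomains."""
    blocked_ips = set()
    counts = Counter()
    for client_ip, qname in query_log:
        if is_blocked(qname, block_list):
            counts["blocked_connections"] += 1
            blocked_ips.add(client_ip)
        else:
            counts["served_requests"] += 1
    return {
        "blocked_connections": counts["blocked_connections"],
        "unique_blocked_ips": len(blocked_ips),
        "served_requests": counts["served_requests"],
    }


# Constructed sample log: (source IP, queried name). Addresses are from the
# documentation range; the same client appears twice to show that connections
# and unique IPs are counted separately.
SAMPLE_LOG = [
    ("198.51.100.10", "evil1.example.test"),
    ("198.51.100.10", "www.evil1.example.test"),   # child of a listed name
    ("198.51.100.11", "bad.example.test."),        # trailing dot, still matched
    ("198.51.100.12", "good.example.test"),
    ("198.51.100.13", "GOOD.EXAMPLE.TEST"),        # case-insensitive lookup
]

if __name__ == "__main__":
    for _, name in SAMPLE_LOG:
        print(name, "->", resolve(name))
    print(summarize(SAMPLE_LOG))
```

The separation between `blocked_connections` and `unique_blocked_ips` matters when reading figures like the ones quoted above: a single infected host that beacons repeatedly inflates the connection count but not the address count, so the address count is the better proxy for the size of the infected population (and even that is only approximate, since many hosts share one public address behind NAT).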

The operation is part of Microsoft's larger MAPS program, which is intended to protect users of its Windows operating system.

Via: Technet 

Published by

Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing a Bachelor's degree in Electronics and Communication. Apart from technology, his other interests include reading and rock music. His Twitter handle is @nithinr6.