Microsoft strikes a blow against Nitol botnets


Microsoft has apparently managed to take down an important domain of the "Nitol" botnets. According to the company blog, a federal court in the State of Virginia granted Microsoft permission on 10 September to take over the domain. The virus is thought to have spread, among other ways, through insecure distribution chains, in which cyber criminals apparently smuggled counterfeit, already infected Windows software onto brand-new computers.

In "Operation b70" (PDF file), launched in August 2011, Microsoft's security team had initially made test purchases in various Chinese cities and detected infections on new computers. Among other things, one computer carried the "Nitol" virus, which abuses infected computers for DDoS attacks and can be transferred to another computer via USB memory.

The analysis of the virus led to the 3322.org domain, which according to Microsoft has been the starting point of numerous illegal activities since 2008. In addition to a command-and-control server for Nitol, more than 500 types of malware were found here, hosted on 70,000 subdomains. This included malicious software that allowed the criminals to access a computer's cameras and microphones, as well as programs to spy on keystrokes.

With the judge's permission, the addresses of the domain are currently being resolved by DNS servers newly set up by Microsoft. This is meant to suppress the operations of the Nitol network and the 70,000 suspicious subdomains, while the legitimate subdomains remain unaffected.
