Microsoft settles botnet case against Chinese site
The software giant reached an agreement with the owner of 3322.org, a site that has been linked to malware such as the Nitol botnet.
The software giant, which originally filed the suit about two weeks ago, said today that the operator of 3322.org, Peng Yong, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team to block all malicious connections to the 3322.org domain and prevent malware infections associated with the site.
The 3322.org owner will direct all subdomains identified in a "block-list" to a sinkhole computer managed by CN-CERT. He also will cooperate in identifying the owners of infected computers in China and help individuals remove malware infections from their computers.
As a result, Microsoft dropped its lawsuit.
3322.org has been linked to malicious activity since 2008. Most recently,on new computers its employees purchased in various cities in China as part of an investigation into the security of the supply chain. That finding led researchers to a botnet called Nitol and a court order giving the company permission to take technical measures to disrupt the botnet.
Nitol had attempted to connect to a command-an-control server on a domain owned by a 3322.org. The virus installs a backdoor on computers so they can be used as part of a botnet to send spam or attack Web sites.
In response, Microsoft used a sinkhole technique to trick infected computers into communicating with researcher-controlled servers instead of command-and-control servers.
Richard Domingues Boscovich, assistant general counsel in Microsoft's digital crimes unit, said in a blog post today that the outcome will help guarantee the malicious subdomains associated with 3322.org will "never again be used for cybercrime."
"We believe the action against the Nitol botnet was particularly effective because it disrupted more than 500 different strains of malware -- potentially impacting several cybercriminal operations," he said.