
Microsoft settles botnet case against Chinese site

The software giant reached an agreement with the owner of 3322.org, a site that has been linked to malware such as the Nitol botnet.

Shara Tibken Former managing editor
Shara Tibken was a managing editor at CNET News, overseeing a team covering tech policy, EU tech, mobile and the digital divide. She previously covered mobile as a senior reporter at CNET and also wrote for Dow Jones Newswires and The Wall Street Journal. Shara is a native Midwesterner who still prefers "pop" over "soda."
[Map: Nitol infections are primarily in China, according to this map from the Microsoft study. Image: Microsoft]
Microsoft reached a settlement in its legal case against a Web site that has been linked to malicious activity, with the Chinese company agreeing to block malware tied to its domain.

The software giant, which originally filed the suit about two weeks ago, said today that the operator of 3322.org, Peng Yong, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team to block all malicious connections to the 3322.org domain and prevent malware infections associated with the site.

The 3322.org owner will direct all subdomains identified in a "block-list" to a sinkhole computer managed by CN-CERT. He also will cooperate in identifying the owners of infected computers in China and help individuals remove malware infections from their computers.

As a result, Microsoft dropped its lawsuit.

3322.org has been linked to malicious activity since 2008. Most recently, Microsoft revealed it had found malware on new computers its employees purchased in various cities in China as part of an investigation into the security of the supply chain. That finding led researchers to a botnet called Nitol and a court order giving the company permission to take technical measures to disrupt the botnet.

Nitol had attempted to connect to a command-and-control server on a domain owned by 3322.org. The virus installs a backdoor on computers so they can be used as part of a botnet to send spam or attack Web sites.

In response, Microsoft used a sinkhole technique to trick infected computers into communicating with researcher-controlled servers instead of command-and-control servers.
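As an added illustration of the sinkhole arrangement described above (example code written for this page, not Microsoft's or CN-CERT's tooling), a minimal resolver answers block-listed names and any of their children with a sinkhole address and records which clients asked, so infected machines can be identified for cleanup. The block-listed labels and all IP addresses are constructed placeholders.

```python
# Added example: a minimal DNS sinkhole policy of the kind described above.
# Block-listed subdomains (constructed names, not the real 3322.org block-list)
# resolve to a sinkhole address; every redirected lookup is recorded per client
# so the owners of infected computers can later be identified and notified.
from collections import defaultdict
from ipaddress import ip_address

SINKHOLE_IP = "192.0.2.10"     # documentation address standing in for the CERT sinkhole
UPSTREAM_IP = "198.51.100.20"  # constructed "normal" answer for names that are not blocked

# Constructed block-list: hypothetical zone names under 3322.org to be sinkholed.
BLOCK_LIST = {"evil.3322.org", "c2node.3322.org"}


def normalize(name: str) -> str:
    """Canonical form: no surrounding whitespace, no trailing dot, lower-case."""
    return name.strip().rstrip(".").lower()


def is_blocked(qname: str, block_list=BLOCK_LIST) -> bool:
    """True if qname is a block-listed name or any child of one (e.g. bot7.evil.3322.org)."""
    labels = normalize(qname).split(".")
    # Check the full name and every parent suffix against the list.
    return any(".".join(labels[i:]) in block_list for i in range(len(labels)))


class SinkholeResolver:
    def __init__(self, block_list=BLOCK_LIST):
        self.block_list = {normalize(n) for n in block_list}
        self.hits = defaultdict(set)  # client IP -> set of sinkholed names it looked up

    def resolve(self, qname: str, client_ip: str) -> str:
        """Return the A record to answer with, logging sinkholed lookups per client."""
        ip_address(client_ip)  # reject malformed client addresses before logging them
        q = normalize(qname)
        if is_blocked(q, self.block_list):
            self.hits[client_ip].add(q)
            return SINKHOLE_IP
        return UPSTREAM_IP

    def infected_clients(self):
        """Clients that looked up at least one sinkholed name, for notification and cleanup."""
        return sorted(self.hits)
```

Only lookups that match the list are diverted; legitimate names under the same parent domain still receive their normal answer.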

Richard Domingues Boscovich, assistant general counsel in Microsoft's digital crimes unit, said in a blog post today that the outcome will help guarantee the malicious subdomains associated with 3322.org will "never again be used for cybercrime."

"We believe the action against the Nitol botnet was particularly effective because it disrupted more than 500 different strains of malware -- potentially impacting several cybercriminal operations," he said.