"Microsoft says that a supply chain becomes
unsecure when a reseller accepts stock from an untrustworthy source. After
launching an investigation into these unsecure supply chains, Microsoft
determined that it was being hosted at 3322.org, which contained a
"staggering 500 different strains of malware hosted on more than 70,000
sub-domains." The company obtained an ex parte temporary restraining
order that allows it to take control of 3322.org, thus stopping the spread of
Nitol from it and its sub-domains.
In a write-up on the Microsoft Blog,
the company says that 20% of the PCs purchased from an unsecure supply
chain during its investigation were infected with malware, which
obviously isn't good. Nitol is capable of spreading to other machines
and devices through things like USB flash drives, making the problem
even more severe. Once you've been infected, all kinds of nasty things
can happen to your computer,
from the malware distributors remotely activating your webcams and
microphones to listen in on what you're doing, to logging all of your
keystrokes and netting your personal information without you ever
knowing your security has been breached."
3322.org now under Microsoft control.
"Microsoft's digital crimes unit has put the clamps on yet another massive botnet.
This time, the company has taken over the command and control domain
for the emerging Nitol, 3322.org. It wasn't alone on the domain, either:
in total, there were more than 500 different malware strains found
linked to some 70,000 subdomains. With a court order in hand, Microsoft
was able to wrestle DNS control from Chinese businessman Peng Yong and
his company. Going forward, traffic to and from the domain will be
filtered to ensure that unsuspecting end users aren't victimized by
Nitol or one of the other malware strains found on 3322.org.
While this takedown isn't on the same scale as Microsoft's previous actions
against Waledac, Kelihos, or Rustock, there is something unique about
Nitol. This time around, Microsoft was alerted to the problem when some
of its security operatives were investigating unsecured supply chains
and counterfeit Windows installations in China. Microsoft's
investigators found that 20% of the systems they purchased as part of
their supply chain research came with some unwanted baggage — and it
wasn't just HP or Toshiba-style software bloat. Nope, it was full-blown
malware, capable of redirecting DNS requests, sending spam, and
propagating itself via USB flash drives and local area networks."