Thursday, September 13, 2012

Microsoft Tracks Nitol Botnet Pre-installed in Factory

A Microsoft investigation found that cybercriminals have infiltrated unsecure supply chains to introduce counterfeit Windows software embedded with malware at factories in China.  Microsoft's Operation b70, which stemmed from the study, tracked retailers who were selling computers loaded with counterfeit versions of Windows software embedded with the the Nitol botnet. 

Microsoft has just won a restraining order in U.S. District Court for the Eastern District of Virginia, granting it permission to take over the hosting of the domain, which hosted the Nitol botnet.  Microsoft’s newly created domain name system (DNS) enables it to block operation of the Nitol botnet and nearly 70,000 other malicious subdomains hosted on the domain, while allowing all other traffic for the legitimate subdomains to operate without disruption.

The case is documented in a blog posting on the Microsoft site.