Microsoft's war against botnets gained momentum as reports emerged that the Redmond giant has disrupted the Nitol botnet, a threat to unsecured supply chains that was found to infect computers even before they went on sale.
The botnet was found to be hosted on the 3322.org domain, and Microsoft filed a suit to take control of 70,000 malicious sub-domains hosted there. The software giant resolved the case by reaching a settlement with Peng Yong, the operator of 3322.org.
A blog post on the settlement states that Peng Yong has agreed to work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) to:
· Resume providing authoritative name services for 3322.org, at a time and manner consistent with the terms and conditions of the settlement
· Block all connections to any of the sub-domains identified in a “block-list,” by directing them to a sinkhole computer, which is designated and managed by CN-CERT
· Add sub-domains to the block-list, as new 3322.org sub-domains associated with malware are identified by Microsoft and CN-CERT
· Cooperate, to the extent necessary, in all reasonable and appropriate steps to identify the owners of infected computers in China and assist those individuals in removing malware infection from their computers
Since Microsoft began collecting information on the 70,000 malicious sub-domains, it has been able to block over 609 million connections from over 7,650,000 unique IP addresses to malicious 3322.org sub-domains.
In addition to blocking connections to the malicious domains, Microsoft continued to provide DNS services to unblocked 3322.org sub-domains. As of Sept. 25, Microsoft successfully processed 34,954,795 DNS requests for 3322.org sub-domains that were not part of the block list.
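As an added illustration (not Microsoft's, CN-CERT's or 3322.org's code), the sinkhole behaviour the settlement terms describe and the counters reported above: queries for block-listed sub-domains are answered with the sinkhole address and the querying IP is recorded for victim notification, while other 3322.org names are still served. The sinkhole address, records and client IPs are constructed sample values.

```python
# Added example (not Microsoft's, CN-CERT's or 3322.org's code): the sinkhole
# behaviour described in the settlement terms, as a minimal authoritative
# resolver for the 3322.org zone. All addresses and names below are constructed.
from collections import defaultdict

ZONE = "3322.org"
SINKHOLE_IP = "192.0.2.1"  # constructed placeholder for the CN-CERT sinkhole


def _normalize(name):
    return name.strip().lower().rstrip(".")


class SinkholeResolver:
    def __init__(self, blocklist, records):
        # blocklist: sub-domains tied to malware; records: A records for the rest
        self.blocklist = {_normalize(d) for d in blocklist}
        self.records = {_normalize(d): ip for d, ip in records.items()}
        self.blocked = 0          # connections redirected to the sinkhole
        self.served = 0           # legitimate 3322.org answers handed out
        self.victims = defaultdict(set)  # blocked name -> client IPs seen

    def add_to_blocklist(self, name):
        # New malicious sub-domains identified later are added here.
        self.blocklist.add(_normalize(name))

    def is_blocked(self, name):
        # A block-list entry also covers every label beneath it, so
        # "www.evil.3322.org" is blocked when "evil.3322.org" is listed.
        labels = name.split(".")
        for i in range(len(labels)):
            if ".".join(labels[i:]) in self.blocklist:
                return True
        return False

    def resolve(self, qname, client_ip):
        name = _normalize(qname)
        if name != ZONE and not name.endswith("." + ZONE):
            return None  # not our zone: refuse rather than answer
        if self.is_blocked(name):
            self.blocked += 1
            self.victims[name].add(client_ip)  # kept for victim notification
            return SINKHOLE_IP
        self.served += 1
        return self.records.get(name)  # None stands in for NXDOMAIN

    def unique_victim_ips(self):
        return len(set().union(*self.victims.values()))
```

The recorded client IPs per blocked name are what would be handed to ISPs and CERTs for clean-up, as the article describes.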
Microsoft began sharing the infected IP information with the Shadowserver Foundation to reach as many Internet Service Providers (ISPs) as possible whose customers were identified as victims.
Microsoft also initiated data sharing with over 40 impacted countries through their respective CERTs to accelerate clean-up efforts.
In addition, to sustain the momentum in notifying victims and cleaning their computers, notification efforts are being coordinated between Peng Yong and CN-CERT from Sept. 26. Similar efforts have already helped to curtail the global infection of the Waledac, Rustock, Kelihos and Zeus botnets, the blog post observed.