Microsoft and malicious domain operator settle

Share this article:

After filing a suit last month, Microsoft has reached a settlement with a domain operator linked to the Nitol botnet.

Under the terms of the settlement, Peng Yong, the operator of 3322.org, which not only hosted Nitol but also hundreds of malware strains, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT).

Yong has denied knowing about any malicious activity that may have taken place on the domain and subdomains. which was outlined in the original complaint. As part of the settlement, Microsoft has dropped the suit against Yong.

Yong, his company Changzhou Bei Te Kang Mu Software Technology, and accomplices listed as “John Does” were named as defendants in the case. 

On Sept. 10, the U.S. District Court in Alexandria, Va. granted a restraining order that allowed Microsoft to host the 3322.org domain instead of Yong.

Microsoft's launched its takedown effort, codenamed “Operation b70,” after discovering computers of company employees in China were pre-loaded with malware somewhere along the supply chain.

In a post Tuesday on Microsoft's TechNet blog, Richard Boscovich, the assistant general counsel for Microsoft's Digital Crimes Unit, said that since the case was settled, all evidence would be handed over to CN-CERT.

“[CN-CERT] will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law,” Boscovich wrote. “We're very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with 3322.org will never again be used for cybercrime.”

As part of the settlement, Yong also agreed to direct all malicious communications within the botnet to a sinkhole  to be managed by CN-CERT, and to add new 3322.org subdomains associated with malware to a block-list.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.