Microsoft and malicious domain operator settle

Share this article:

After filing a suit last month, Microsoft has reached a settlement with a domain operator linked to the Nitol botnet.

Under the terms of the settlement, Peng Yong, the operator of, which not only hosted Nitol but also hundreds of malware strains, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT).

Yong has denied knowing about any malicious activity that may have taken place on the domain and subdomains. which was outlined in the original complaint. As part of the settlement, Microsoft has dropped the suit against Yong.

Yong, his company Changzhou Bei Te Kang Mu Software Technology, and accomplices listed as “John Does” were named as defendants in the case. 

On Sept. 10, the U.S. District Court in Alexandria, Va. granted a restraining order that allowed Microsoft to host the domain instead of Yong.

Microsoft's launched its takedown effort, codenamed “Operation b70,” after discovering computers of company employees in China were pre-loaded with malware somewhere along the supply chain.

In a post Tuesday on Microsoft's TechNet blog, Richard Boscovich, the assistant general counsel for Microsoft's Digital Crimes Unit, said that since the case was settled, all evidence would be handed over to CN-CERT.

“[CN-CERT] will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law,” Boscovich wrote. “We're very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with will never again be used for cybercrime.”

As part of the settlement, Yong also agreed to direct all malicious communications within the botnet to a sinkhole  to be managed by CN-CERT, and to add new subdomains associated with malware to a block-list.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.