Microsoft and malicious domain operator settle

After filing a suit last month, Microsoft has reached a settlement with a domain operator linked to the Nitol botnet.

Under the terms of the settlement, Peng Yong, the operator of 3322.org, which not only hosted Nitol but also hundreds of malware strains, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT).

Yong has denied knowing about any malicious activity that may have taken place on the domain and subdomains. which was outlined in the original complaint. As part of the settlement, Microsoft has dropped the suit against Yong.

Yong, his company Changzhou Bei Te Kang Mu Software Technology, and accomplices listed as “John Does” were named as defendants in the case. 

On Sept. 10, the U.S. District Court in Alexandria, Va. granted a restraining order that allowed Microsoft to host the 3322.org domain instead of Yong.

Microsoft's launched its takedown effort, codenamed “Operation b70,” after discovering computers of company employees in China were pre-loaded with malware somewhere along the supply chain.

In a post Tuesday on Microsoft's TechNet blog, Richard Boscovich, the assistant general counsel for Microsoft's Digital Crimes Unit, said that since the case was settled, all evidence would be handed over to CN-CERT.

“[CN-CERT] will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law,” Boscovich wrote. “We're very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with 3322.org will never again be used for cybercrime.”

As part of the settlement, Yong also agreed to direct all malicious communications within the botnet to a sinkhole  to be managed by CN-CERT, and to add new 3322.org subdomains associated with malware to a block-list.