Microsoft and malicious domain operator settle

Share this article:

After filing a suit last month, Microsoft has reached a settlement with a domain operator linked to the Nitol botnet.

Under the terms of the settlement, Peng Yong, the operator of 3322.org, which not only hosted Nitol but also hundreds of malware strains, has agreed to work with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT).

Yong has denied knowing about any malicious activity that may have taken place on the domain and subdomains. which was outlined in the original complaint. As part of the settlement, Microsoft has dropped the suit against Yong.

Yong, his company Changzhou Bei Te Kang Mu Software Technology, and accomplices listed as “John Does” were named as defendants in the case. 

On Sept. 10, the U.S. District Court in Alexandria, Va. granted a restraining order that allowed Microsoft to host the 3322.org domain instead of Yong.

Microsoft's launched its takedown effort, codenamed “Operation b70,” after discovering computers of company employees in China were pre-loaded with malware somewhere along the supply chain.

In a post Tuesday on Microsoft's TechNet blog, Richard Boscovich, the assistant general counsel for Microsoft's Digital Crimes Unit, said that since the case was settled, all evidence would be handed over to CN-CERT.

“[CN-CERT] will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law,” Boscovich wrote. “We're very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with 3322.org will never again be used for cybercrime.”

As part of the settlement, Yong also agreed to direct all malicious communications within the botnet to a sinkhole  to be managed by CN-CERT, and to add new 3322.org subdomains associated with malware to a block-list.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and ...

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.