Nitol botnet
The Nitol botnet is a botnet mostly involved in spreading malware and distributed denial-of-service attacks.[1][2]
History
The Nitol Botnet was first discovered around December 2012, with analysis of the botnet indicating that the botnet is mostly prevalent in China where an estimate 85% of the infections are detected.[3][4] In China the botnet was found to be present on systems that came brand-new from the factory, indicating the trojan was installed somewhere during the assembly and manufacturing process.[5] According to Microsoft the systems at risk also contained a counterfeit installation of Microsoft Windows.[3]
On 10 September 2012 Microsoft took action against the Nitol Botnet by obtaining a court order and subsequently Sinkholing the 3322.org domain.[6][7] The 3322.org domain is a Dynamic DNS which was used by the botnet creators as a command and control infrastructure for controlling their botnet.[8] Microsoft later settled with 3322.org operator Pen Yong, which allowed the latter to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.[9]
See also
- Malware
- Internet crime
- Internet security
References
- ↑ Gonsalves, Antone. "Compromised Windows PCs bought in China pose risk to U.S.". Networkworld. Retrieved 27 December 2012.
- ↑ Plantado, Rex (15 Oct 2012). "MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
- ↑ 3.0 3.1 Plantado, Rex (22-oct-2012). "MSRT October '12 - Nitol by the numbers". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
- ↑ Mimoso, Michael (September 13, 2012). "Microsoft Carries out Nitol Botnet Takedown". Threatpost. Retrieved 27 December 2012.
- ↑ "Microsoft Report Exposes Malware Families Attacking Supply Chain". BBC. Retrieved 27 December 2012.
- ↑ Leyden, John (13 September 2012). "Microsoft seizes Chinese dot-org to kill Nitol bot army". The Register. Retrieved 27 December 2012.
- ↑ Jackson Higgins, Kelly (Sep 13, 2012). "Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains". Dark Reading. Retrieved 27 December 2012.
- ↑ Ollmann, Gunter (September 13, 2012). "Nitol and 3322.org Takedown by Microsoft". Damballa. Retrieved 27 December 2012.
- ↑ Leyden, John (4 October 2012). "Chinese Nitol botnet host back up after Microsoft settles lawsuit". The Register. Retrieved 27 December 2012.
External links
- Analysis of the Nitol Botnet, created by Microsoft as part of Operation b70
|