Nitol botnet

The Nitol botnet mostly involved in spreading malware and distributed denial-of-service attacks.[1][2]

History

The Nitol Botnet was first discovered around December 2012, with analysis of the botnet indicating that the botnet is mostly prevalent in China where an estimate 85% of the infections are detected.[3][4] In China the botnet was found to be present on systems that came brand-new from the factory, indicating the trojan was installed somewhere during the assembly and manufacturing process.[5] According to Microsoft the systems at risk also contained a counterfeit installation of Microsoft Windows.[3]

On 10 September 2012 Microsoft took action against the Nitol Botnet by obtaining a court order and subsequently Sinkholing the 3322.org domain.[6][7] The 3322.org domain is a Dynamic DNS which was used by the botnet creators as a command and control infrastructure for controlling their botnet.[8] Microsoft later settled with 3322.org operator Pen Yong, which allowed the latter to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.[9]

See also

References

  1. Gonsalves, Antone. "Compromised Windows PCs bought in China pose risk to U.S.". Networkworld. Retrieved 27 December 2012.
  2. Plantado, Rex (15 Oct 2012). "MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
  3. 1 2 Plantado, Rex (22 Oct 2012). "MSRT October '12 - Nitol by the numbers". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
  4. Mimoso, Michael (September 13, 2012). "Microsoft Carries out Nitol Botnet Takedown". Threatpost. Retrieved 27 December 2012.
  5. "Microsoft Report Exposes Malware Families Attacking Supply Chain". BBC. Retrieved 27 December 2012.
  6. Leyden, John (13 September 2012). "Microsoft seizes Chinese dot-org to kill Nitol bot army". The Register. Retrieved 27 December 2012.
  7. Jackson Higgins, Kelly (Sep 13, 2012). "Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains". Dark Reading. Retrieved 27 December 2012.
  8. Ollmann, Gunter (September 13, 2012). "Nitol and 3322.org Takedown by Microsoft". Damballa. Retrieved 27 December 2012.
  9. Leyden, John (4 October 2012). "Chinese Nitol botnet host back up after Microsoft settles lawsuit". The Register. Retrieved 27 December 2012.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.