Microsoft Settles with Chinese Site

Thursday, October 4, 2012 @ 04:10 PM gHale

Microsoft reached a settlement with the operator of a Chinese Web site whose domain and sub-domains hosted more than 500 kinds of malware, including the Nitol botnet.

In a lawsuit filed two weeks ago, Microsoft said the domain hosted Nitol, the botnet it found preloaded on new computers bought during a supply chain security investigation last August. Microsoft set up a sinkhole to divert traffic from infected computers and, in just 16 days, blocked 609 million connections from more than 7,650,000 unique IP addresses to those subdomains.


As part of the settlement reached in a U.S. District Court in northern Virginia, Peng Yong, the registered owner of the domain, will work with Microsoft and China’s Computer Emergency Response Team (CN-CERT) to keep the site from remaining a conduit for malicious activity.

Under the settlement, Yong will block all connections to “block-listed” subdomains and direct them to a sinkhole computer managed by CN-CERT; add further subdomains to the block-list as Microsoft and CN-CERT uncover them; and locate the owners of infected computers in China and help them remove the malware.
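The sinkhole arrangement above, shown as an added example that is not code from the article, from Microsoft or from CN-CERT: a toy authoritative resolver for one dynamic-DNS parent domain answers block-listed subdomains (and anything beneath them) with the sinkhole address, answers everything else from its normal records, and keeps the per-subdomain and unique-client counts a sinkhole operator reports. The parent domain `example.org`, the sinkhole address `192.0.2.1`, the records and the query log are all constructed stand-ins.

```python
"""Toy DNS sinkhole for a dynamic-DNS parent domain (added example, not the
article's, Microsoft's or CN-CERT's code). Names, addresses and log are constructed."""
import ipaddress
from collections import defaultdict

SINKHOLE_IP = "192.0.2.1"  # assumption: RFC 5737 documentation address standing in for the CN-CERT sinkhole


def normalize(name):
    """Lower-case a DNS name and drop any trailing dot."""
    return name.strip().rstrip(".").lower()


class SinkholeResolver:
    """Authoritative answers for one parent domain, with a block-list that diverts to a sinkhole."""

    def __init__(self, parent, sinkhole_ip, records, blocklist=()):
        self.parent = normalize(parent)
        self.sinkhole_ip = sinkhole_ip
        self.records = {normalize(k): v for k, v in records.items()}  # legitimate A records
        self.blocked = set()
        self.hits = defaultdict(set)  # block-list entry -> client IPs that were diverted to it
        self.diverted = 0             # total diverted queries
        for name in blocklist:
            self.block(name)

    def block(self, name):
        """Add a subdomain to the block-list; only names under the parent domain are accepted."""
        name = normalize(name)
        if not (name == self.parent or name.endswith("." + self.parent)):
            raise ValueError(f"{name} is not under {self.parent}")
        self.blocked.add(name)

    def blocked_entry(self, qname):
        """Return the block-list entry covering qname, walking up its labels, or None."""
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked:
                return candidate
        return None

    def resolve(self, qname, client_ip):
        """Answer one A query: sinkhole address for blocked names, real record otherwise, None for NXDOMAIN."""
        ipaddress.ip_address(client_ip)  # reject malformed client addresses before counting them
        qname = normalize(qname)
        entry = self.blocked_entry(qname)
        if entry is not None:
            self.diverted += 1
            self.hits[entry].add(client_ip)
            return self.sinkhole_ip
        return self.records.get(qname)

    def stats(self):
        """Counts a sinkhole operator reports: diverted queries, unique clients, clients per entry."""
        unique = set().union(*self.hits.values())
        return {"diverted": self.diverted, "unique_ips": len(unique),
                "per_entry": {k: len(v) for k, v in self.hits.items()}}


def replay(resolver, log_lines):
    """Feed 'client_ip qname' lines into the resolver and return the answers in order."""
    answers = []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue
        client_ip, qname = line.split()[:2]
        answers.append(resolver.resolve(qname, client_ip))
    return answers


# Constructed sample data: "example.org" stands in for the parent domain in the article.
RECORDS = {"www.example.org": "198.51.100.10", "ddns-user.example.org": "198.51.100.11"}
BLOCKLIST = ["c2.example.org"]
QUERY_LOG = [
    "203.0.113.5 c2.example.org",
    "203.0.113.6 update.c2.example.org",   # child of a blocked name is diverted too
    "203.0.113.5 c2.example.org",          # repeat client counts once in unique_ips
    "203.0.113.7 www.example.org",         # legitimate dynamic-DNS user is unaffected
    "203.0.113.8 nosuch.example.org",      # unknown name: NXDOMAIN, not sinkholed
]


def demo():
    resolver = SinkholeResolver("example.org", SINKHOLE_IP, RECORDS, BLOCKLIST)
    answers = replay(resolver, QUERY_LOG)
    # A subdomain uncovered later is added to the block-list and diverted from then on.
    resolver.block("loader.example.org")
    answers.append(resolver.resolve("loader.example.org", "203.0.113.9"))
    return answers, resolver.stats()


if __name__ == "__main__":
    answers, stats = demo()
    print(answers)
    print(stats)
```

The label walk in `blocked_entry` is what makes a single block-list entry cover every host beneath it, so a botnet that rotates names under one registered subdomain does not escape the sinkhole; the `ipaddress` check keeps garbage from a malformed log line out of the unique-client count.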

“We’re very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with [the domain] will never again be used for cybercrime,” said Richard Domingues Boscovich, Assistant General Counsel for Microsoft’s Digital Crimes Unit.

To clean up victims’ computers as quickly as possible, Microsoft shared data with more than 40 affected countries through their respective Computer Emergency Response Teams (CERTs) beginning Sept. 26. Boscovich said the massive joint efforts “helped to drastically reduce the global infection of the Waledac, Rustock, Kelihos and Zeus botnets.”

In exchange for Yong’s cooperation, Microsoft agreed to drop the lawsuit it filed against him.

Dubbed “Operation b70,” the international probe found malware loaded onto machines at some point between leaving the factory and reaching consumers.

“Cybercriminals did and continue to do this by having disreputable distributors or resellers load malware-infected counterfeit software onto computers that have shipped from the PC manufacturer without an operating system, or in some cases, with an operating system that a customer doesn’t want,” Boscovich said.

“Those infected computers are then loaded with a desired operating system that is often laden with malware and then sold to unassuming customers,” he said.
