
DainBramaged

(39,191 posts)
Fri Sep 14, 2012, 08:31 AM Sep 2012

Microsoft zaps botnet found pre-installed with counterfeit Windows

Microsoft announced today that it has taken action to disrupt an emerging botnet, called Nitol, that used victims’ PCs to conduct distributed denial of service attacks and gave cybercriminals backdoor access to install other malware or data. The disruption of the botnet was the culmination of a Microsoft operation codenamed “b70,” which was launched as the result of discoveries made during an investigation into the distribution of counterfeit software by computer resellers in China.

First, the company was granted temporary restraining orders against an individual named Peng Yong and his company based in Changzhou, China. Then, Microsoft took over hosting 3222.org—the domain hosting the Nitol botnet and “nearly 70,000 other malicious subdomains”—according to a blog post describing the operation written by Richard Domingues Boscovich, assistant general counsel for Microsoft’s Digital Crimes Unit. In addition to the Nitol command and control network, the domain hosted over 500 strains of various other malware, including trojans that record victims' keyboard entry and take control of PCs' Web cameras and microphones. The 3222.org domain has been tied to malware activity dating back to 2008.

Microsoft researchers in China initially discovered Nitol while investigating the sale of computers loaded with counterfeit copies of the Windows operating system. In August of 2011, members of Microsoft’s Digital Crimes Unit purchased 20 computers—a mix of laptops and desktops—from computer resellers across China. Four of the computers purchased were found to be pre-infected with malware, including one with the Nitol botnet. Nitol was the only malware found that actively attempted to connect to a command and control network.

Nitol provided attackers with an HTTP-based backdoor to infected computers. It distributes itself as a dynamic link library called LPK.DLL, the name of a software module that gets called by all Windows applications with a user interface. Nitol copies itself when activated into any directory that has executable programs in it—including those on USB drives and other removable media. By default, applications look in the directory they’re installed in for DLLs before looking in other directories defined by the system. So this virus is able to get the applications installed on the PC to load it without having to fool users into installing anything.


http://arstechnica.com/security/2012/09/microsoft-zaps-botnet-found-pre-installed-with-counterfeit-windows/
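The last paragraph of the excerpt describes classic DLL search-order hijacking: a file named like a system DLL, dropped next to an application's executable, gets loaded in place of the real one because the application directory is searched first. Below is an added example, written for this thread and not taken from the article, Microsoft, or the poster: a small Python scanner that walks a tree, flags any file named like a known hijack target (LPK.DLL from the article; USP10.DLL and VERSION.DLL are my own additions, tune the list for your estate) that sits outside the system directory and shares a folder with an executable, and notes whether its digest matches the System32 copy. The directory layout it scans is constructed sample data, not a real infection.

```python
"""Find planted system-DLL lookalikes beside executables (DLL search-order hijack check).

Hypothetical example for a forum thread; not the article's or Microsoft's code.
Paths, DLL names beyond lpk.dll, and the sample tree are assumptions/constructed data.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# lpk.dll is the name the article reports Nitol used. The other two are assumed
# additions: well-known targets of the same technique.
HIJACK_DLL_NAMES = {"lpk.dll", "usp10.dll", "version.dll"}
EXECUTABLE_SUFFIXES = {".exe", ".com", ".scr"}


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_planted_dlls(root, system_dir):
    """Return sorted (path, matches_system_copy) tuples for every file whose name is in
    HIJACK_DLL_NAMES, lives outside `system_dir`, and shares a directory with an
    executable, which is exactly the layout the default search order loads first."""
    system_dir = Path(system_dir).resolve()
    reference = {}
    for name in HIJACK_DLL_NAMES:
        ref = system_dir / name
        if ref.is_file():
            reference[name] = sha256_of(ref)

    findings = []
    for dirpath, _dirs, files in os.walk(root):
        here = Path(dirpath)
        resolved = here.resolve()
        if resolved == system_dir or system_dir in resolved.parents:
            continue  # the genuine copy lives here; not a planting location
        lowered = [f.lower() for f in files]
        if not any(Path(f).suffix in EXECUTABLE_SUFFIXES for f in lowered):
            continue  # no executable here, so nothing would load the DLL from this dir
        for f in files:
            lf = f.lower()
            if lf in HIJACK_DLL_NAMES:
                same_as_system = reference.get(lf) == sha256_of(here / f)
                findings.append((here / f, same_as_system))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout (not real malware): a genuine lpk.dll in System32, two
    planted copies beside executables, one harmless duplicate of the genuine file, and
    a stray copy in a folder with no executables."""
    base = Path(base).resolve()
    layout = {
        "Windows/System32/lpk.dll": b"genuine lpk contents",
        "Program Files/Editor/editor.exe": b"MZ sample exe",
        "Program Files/Editor/LPK.DLL": b"planted, not the genuine file",
        "Program Files/Legit/legit.exe": b"MZ sample exe",
        "Program Files/Legit/lpk.dll": b"genuine lpk contents",  # same bytes as System32
        "Program Files/Clean/clean.exe": b"MZ sample exe",
        "E/tool.exe": b"MZ sample exe",  # stands in for removable media
        "E/lpk.dll": b"planted, not the genuine file",
        "Users/alice/Documents/lpk.dll": b"stray copy, nothing here would load it",
    }
    for rel, data in layout.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return base


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return
    (flagged relative paths, count whose digest differs from the System32 copy)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = build_sample_tree(tmp)
        hits = find_planted_dlls(base, base / "Windows" / "System32")
        names = [p.relative_to(base).as_posix() for p, _ in hits]
        mismatched = sum(1 for _, same in hits if not same)
        return names, mismatched


if __name__ == "__main__":
    names, mismatched = run_demo()
    for n in names:
        print("candidate:", n)
    print("digest differs from System32 copy:", mismatched)
```

A copy whose digest matches the System32 file is still worth a look (an application shipping its own copy is unusual), but the mismatched ones are the real signal; on a live host you would also pull the file's signature status and creation time. The "directory with no executable" case is deliberately left out, since nothing there would resolve the name through the search order.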
