updated 01:10 am EDT, Fri September 14, 2012
Hundreds of strains of malware hosted on 70,000 domains
Microsoft announced Thursday that the US District Court for the Eastern District of Virginia had granted it permission to take control of the "Nitol" botnet. In its filing, Microsoft described how it purchased computers from several districts in China and found that approximately 20 percent of them came pre-infected with the malware. The seizure of the botnet's hubs, which Microsoft calls "Operation B70," is the latest action the company has taken to disrupt large-scale internet crime operations built on its operating system.
The target of the action was 3322.org, a China-based dynamic DNS provider. Dynamic DNS gives a user a stable hostname even when the user's service provider frequently changes the IP address it assigns, which is exactly the property that makes such a service attractive for hosting malware command-and-control infrastructure. As the rationale for the seizure, Microsoft told the federal court that the domain hosted "a staggering 500 different strains of malware hosted on more than 70,000 subdomains."
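Because a dynamic DNS zone like 3322.org can carry tens of thousands of short-lived subdomains, a defender's first practical step is usually to look for resolver queries under such zones. The script below is an added example, not code from the article or from Microsoft: it scans constructed BIND-style query log lines (sample data, not real traffic), matches hostnames against a watch list of zones (only 3322.org is taken from the article; the `WATCHED_ZONES` tuple is an assumed, site-specific setting), and summarises which clients asked for which subdomains. The `zone_match` helper deliberately requires a label boundary so that a name such as `not3322.org` does not match the watched zone.

```python
"""Flag DNS resolver queries for hosts under watch-listed dynamic-DNS zones."""
import re
from collections import defaultdict

# 3322.org is the zone named in the article; any further zones are a
# deployment decision (assumed example setting, not from the article).
WATCHED_ZONES = ("3322.org",)

# Constructed sample lines in BIND query-log style; not real captured traffic.
SAMPLE_LOG = """\
13-Sep-2012 10:01:02.123 client 10.0.0.5#51234: query: update.example.com IN A +
13-Sep-2012 10:01:03.456 client 10.0.0.5#51235: query: abc123.3322.org IN A +
13-Sep-2012 10:01:04.789 client 10.0.0.7#40001: query: xyz.3322.org IN A +
13-Sep-2012 10:01:05.000 client 10.0.0.7#40002: query: ABC123.3322.org. IN A +
13-Sep-2012 10:01:06.000 client 10.0.0.9#40003: query: not3322.org IN A +
"""

# Extracts the querying client, the queried name and the record type.
QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalise(qname):
    """Lower-case and strip the trailing dot of a fully qualified name."""
    return qname.rstrip(".").lower()


def zone_match(qname, zones=WATCHED_ZONES):
    """Return the watched zone that qname falls under, or None.

    A match requires either an exact zone name or a '.' label boundary
    before the zone, so 'not3322.org' is not treated as part of '3322.org'.
    """
    name = normalise(qname)
    for zone in zones:
        zone = zone.lower()
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def scan_log(text, zones=WATCHED_ZONES):
    """Summarise queries under watched zones: count, clients and subdomains."""
    hits = defaultdict(lambda: {"count": 0, "clients": set(), "subdomains": set()})
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip
        zone = zone_match(m.group("qname"), zones)
        if zone is None:
            continue
        entry = hits[zone]
        entry["count"] += 1
        entry["clients"].add(m.group("client"))
        entry["subdomains"].add(normalise(m.group("qname")))
    # Return plain sorted lists so the result is stable and easy to report on.
    return {
        zone: {
            "count": e["count"],
            "clients": sorted(e["clients"]),
            "subdomains": sorted(e["subdomains"]),
        }
        for zone, e in hits.items()
    }


if __name__ == "__main__":
    for zone, summary in scan_log(SAMPLE_LOG).items():
        print(f"{zone}: {summary['count']} queries from {len(summary['clients'])} clients")
        for host in summary["subdomains"]:
            print("  ", host)
```

In a real deployment the regular expression would be adapted to the resolver's actual log format, and the summary would be fed to whatever alerting pipeline is in use; the point of the example is the label-boundary check and the per-zone roll-up of distinct subdomains, which is what turns a 70,000-subdomain zone into a manageable set of indicators.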
The domain itself is owned by a Chinese firm, but the .org registry is operated by the Public Interest Registry, a Virginia-incorporated company based in Reston, Virginia, a suburb of Washington, D.C., which gave the court jurisdiction over the domain.
Steven Adair, a security expert with Shadowserver.org, a nonprofit that helps ISPs track malware attacks, said that the 3322.org domain has been "a hot spot for malware used to conduct cyber espionage for several years now." He went on to explain that the 3322.org group is a prime suspect in malware attacks aimed at stealing corporate and US Government secrets.