Microsoft goes after botnet caused by malware shipped in pirated versions of Windows
Microsoft announced that it has stopped an emerging botnet called Nitol, which used its zombie PCs for distributed denial-of-service (DDoS) attacks and gave its controller a backdoor to install malware or data on infected computers.
Nitol was discovered when Microsoft researchers in China were investigating the sale of computers that came with pirated versions of Windows installed. In August 2011, the Microsoft Digital Crimes Unit purchased 20 of these machines (a mix of laptops and desktops) from several resellers in China, finding that four of them came with malware, including that of the botnet.
The computers in the Nitol botnet communicated with a command server through the DNS of the Chinese site 3322.org, which had been linked to malicious activity since 2008. The researchers also discovered that other servers using 3322.org, which offered its services for free, hosted more than 500 different versions of malware across more than 70,000 subdomains.
Microsoft won a court order in the United States to take control of 3322.org and disrupt the operation of the botnet. Subdomains with legitimate activity will keep running, the company said, while those associated with the malware will be interrupted.
Link: Microsoft zaps botnet found pre-installed with counterfeit Windows (Ars Technica)