Nitol Botnet gets Crushed Thanks to Microsoft

The DCU of Microsoft has given a blow to Nitol, one fresh rising botnet during a campaign that the Redmond Company named Operation b70, published Softpedia.com dated September 13, 2012. But, prior to the takedown, Microsoft acquired consent from certain United States District Court.

Richard Domingues Boscovich, Assistant General Counsel at Microsoft's DCU, stated that during August 2011, when Microsoft embarked on a probe into the safety of supply chains, it found the Nitol malware that was already installed on PCs made inside China and which had fake Windows OSes running. More investigation disclosed that domains and subsidiary domains named 3322.org were hosting over 500 separate malware programs in addition to Nitol. Specifically, Nitol's capabilities included keystroke logging, backdoor and rootkit attacks, creating denial-of-service conditions, amongst others, said Boscovich. Threatpost.com published this on September 13, 2012.

Originally, the DCU, during August 2011, bought 20 PCs comprising desktops and laptops from retailers in China and discovered that 4 of them were already malware-contaminated. In particular, 1 PC had the Nitol bot that was the sole malicious program, which tried to link up with some command-and-control (C&C) infrastructure.

In its report, according to Microsoft, those who created Nitol made it disseminate through detachable devices like USB flash drives as also network shares duly mapped. Thus if an USB drive, say, was plugged into an infected system, it too got infected. Moreover, the malware Nitol would make its own replica onto directories having specific file folders and software. This facilitated it to manipulate Windows utilized software-loading procedures whilst applications were executed onto the system.

Elsewhere Boscovich stated that Microsoft had managed to block the above mentioned domain 3322.org along with almost 70,000 other harmful subsidiary domains. Theinquirer.net published this on September 13, 2012.

Boscovich elaborated that the successful blockage would considerably lessen the aftereffects following from the Nitol and 3322.org related threats in addition to enable in saving end-users' PCs from the malware's clutches.

Reportedly, with Nitol, Microsoft has performed a second botnet shutdown within 6-months. Earlier during March 2012, the company legally charged 39 people associated with ZeuS botnet's operation, the Trojan that apparently contaminated 13m-or-so computers.

» SPAMfighter News - 9/19/2012