Nitol botnet

From Wikipedia, the free encyclopedia

The Nitol botnet is mostly involved in spreading malware and in distributed denial-of-service attacks.[1][2]

The Nitol botnet was first discovered around December 2012; analysis indicated that the botnet is most prevalent in China, where an estimated 85% of the infections were detected.[3][4] In China the botnet was found to be present on systems that came brand-new from the factory, indicating that the trojan was installed somewhere during the assembly and manufacturing process.[5] According to Microsoft, the systems at risk also contained a counterfeit installation of Microsoft Windows.[3]

On 10 September 2012 Microsoft took action against the Nitol botnet by obtaining a court order and subsequently sinkholing the domain.[6][7] The domain is a dynamic DNS domain that the botnet creators used as command and control infrastructure for their botnet.[8] Microsoft later settled with the operator, Pen Yong, allowing him to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.[9]


  1. ^ Gonsalves, Antone. "Compromised Windows PCs bought in China pose risk to U.S." Networkworld. Retrieved 27 December 2012.
  2. ^ Plantado, Rex (15 October 2012). "MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all". Microsoft Technet. Retrieved 27 December 2012.
  3. ^ a b Plantado, Rex (22 October 2012). "MSRT October '12 - Nitol by the numbers". Microsoft Technet. Retrieved 27 December 2012.
  4. ^ Mimoso, Michael (13 September 2012). "Microsoft Carries out Nitol Botnet Takedown". Threatpost. Retrieved 27 December 2012.
  5. ^ "Microsoft Report Exposes Malware Families Attacking Supply Chain". BBC. Retrieved 27 December 2012.
  6. ^ Leyden, John (13 September 2012). "Microsoft seizes Chinese dot-org to kill Nitol bot army". The Register. Retrieved 27 December 2012.
  7. ^ Jackson Higgins, Kelly (13 September 2012). "Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains". Dark Reading. Retrieved 27 December 2012.
  8. ^ Ollmann, Gunter (13 September 2012). "Nitol and Takedown by Microsoft". Damballa. Retrieved 27 December 2012.
  9. ^ Leyden, John (4 October 2012). "Chinese Nitol botnet host back up after Microsoft settles lawsuit". The Register. Retrieved 27 December 2012.
