Nitol botnet
The Nitol botnet is mostly involved in spreading malware and distributed denial-of-service attacks.[1][2]
History
The Nitol botnet was first discovered around December 2012. Analysis indicated that it is mostly prevalent in China, where an estimated 85% of the infections are detected.[3][4] In China the botnet was found on systems that came brand-new from the factory, indicating that the trojan was installed somewhere during the assembly and manufacturing process.[5] According to Microsoft, the systems at risk also contained a counterfeit installation of Microsoft Windows.[3]
On 10 September 2012 Microsoft took action against the Nitol botnet by obtaining a court order and subsequently sinkholing the 3322.org domain.[6][7] The 3322.org domain is a dynamic DNS service that the botnet's creators used as command and control infrastructure for their botnet.[8] Microsoft later settled with 3322.org operator Peng Yong, which allowed the latter to continue operating the domain on the condition that any subdomains linked to malware remain sinkholed.[9]
References
- Gonsalves, Antone. "Compromised Windows PCs bought in China pose risk to U.S." Networkworld. Retrieved 27 December 2012.
- Plantado, Rex (15 Oct 2012). "MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
- Plantado, Rex (22 Oct 2012). "MSRT October '12 - Nitol by the numbers". Microsoft. Microsoft Technet. Retrieved 27 December 2012.
- Mimoso, Michael (September 13, 2012). "Microsoft Carries out Nitol Botnet Takedown". Threatpost. Retrieved 27 December 2012.
- "Microsoft Report Exposes Malware Families Attacking Supply Chain". BBC. Retrieved 27 December 2012.
- Leyden, John (13 September 2012). "Microsoft seizes Chinese dot-org to kill Nitol bot army". The Register. Retrieved 27 December 2012.
- Jackson Higgins, Kelly (Sep 13, 2012). "Microsoft Intercepts 'Nitol' Botnet And 70,000 Malicious Domains". Dark Reading. Retrieved 27 December 2012.
- Ollmann, Gunter (September 13, 2012). "Nitol and 3322.org Takedown by Microsoft". Damballa. Retrieved 27 December 2012.
- Leyden, John (4 October 2012). "Chinese Nitol botnet host back up after Microsoft settles lawsuit". The Register. Retrieved 27 December 2012.
External links
- Analysis of the Nitol Botnet, created by Microsoft as part of Operation b70