Microsoft’s Digital Crimes Unit has thrown a wrench into the Nitol Botnet. The botnet, which hosted over 500 different types of malware on over 70,000 subdomains, was disrupted by an investigation dubbed Operation b70. Unlike other botnets, this one spread via the supply chain, embedded in counterfeit copies of Windows preinstalled on new computers.
“We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business. Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information,” stated Assistant General Counsel Richard Domingues Boscovich. “Examples of this abuse include malware sending fake e-mails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware.”
The botnet used domains hosted by 3322.org. 3322.org, located inChina, is notorious for being a haven for spammers and cybercriminals. Such providers are known as bulletproof because they ignore abuse complaints and take down requests. Right now about 70 botnets use 3322.org to host their command and control servers. These servers send commands to the botnet and control their spamming activities.
This so-called take down isn’t likely to have much of an impact. First, Nitol is not considered a serious threat, and second, cybercriminals are rarely stymied by take downs anymore. They learned a lot from the infamous McColo shutdown, which knocked out several huge botnets for months and briefly sent the world’s spam volume plummeting.