Microsoft’s Operation B70 Wins Another Battle Against Spam and Malware

Microsoft struck another blow against spammers last week in an operation code-named b70. The US District Court for the Eastern District of Virginia granted Microsoft an ex parte temporary restraining order against Peng Yong and other John Does following a months-long research project into the propagation of malware into the supply chain of PCs.

Microsoft performed a close study of PC supply chains and found that, in many instances, counterfeit versions of operating systems and software were introduced onto PCs at points between the manufacture of the hardware and the purchase at retail. These counterfeit copies came complete with various malware preinstalled and ready to exploit the consumer. The malware includes keyloggers, remote access Trojans, and software that could be used to remotely access webcams and microphones. In many cases this same software could propagate automatically through USB keys, email, and more.

Many of the infected systems participated in botnets used to send spam and to launch distributed denial of service attacks against others. The court order allowed Microsoft to disrupt the operations of the Nitol botnet and to take control of the 3322.org domain, taking over DNS operations for that domain and over 70,000 subdomains, which hosted over 500 different strains of malware.

According to a blog post authored by Richard Boscovich, Assistant General Counsel for Microsoft’s Digital Crimes Unit, the Microsoft study found that as many as 20% of PCs purchased from supply chains using counterfeit software were infected with malware.

Nominum, a DNS solutions and security company, was instrumental in assisting Microsoft with both the research and the legal filings, serving as a declarant in the case. You can read more about this on Microsoft’s DCU blog at http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx, and the legal filings at http://noticeofpleadings.com/.

Written by Casper Manes

I currently work as a Senior Messaging Consultant for one of the premier consulting firms in the world. I cut my teeth on Exchange 5.0, and have worked with every version of Microsoft’s awesome email package since then, as well as MHS, Sendmail, and MailEnable systems. I've written dozens of articles on behalf of my past employers, their partners, and others, and I finally decided to embrace blogging and social media, so please follow me on Twitter @caspermanes if you enjoy my posts.

0 Comments

  1. Sienna Biggs · September 19, 2012

    Hmmm… that’s interesting. Perhaps Microsoft is trying to correct its image now, especially after it’s been accused as the biggest spammer in the world (which is extremely ironic). But hey, IE isn’t the most secure browser out there, and don’t let me get started with Hotmail. Outlook.com, though, is another story. I’ve been using it for quite some time now, and I’m loving it! Anyway, I shouldn’t chastise Microsoft for today. I think any step against spam is commendable. It makes me feel that there’s still some hope and that we can expect cleaner inboxes in the next few years.

  2. Maria Ortiz · September 19, 2012

    This is really scary: you can buy a new computer with all the malware already in it. I suppose this isn’t an isolated case but probably hackers have infiltrated PC shops as well and this is where all the millions of infected computers come from. Good for Microsoft that they targeted this but for me it is a reminder that even a brand new computer needs to be thoroughly examined for malware – trust nobody!

  3. Earl williams · September 25, 2012

    We definitely need more stories like this one. I know that the others think this is kind of a very shallow penalty, but the good news is we are making great progress. Or at least someone is already paying the consequences of their wrongdoing. Now I feel that there’s really hope we can get rid of spam. What we should aim, nevertheless, is to add more people to this statistic and yea spread the word. We should remain proactive and participative, because these agencies that try to protect us cannot do a lot without our strong support to all their programs.

  4. Kevin · September 25, 2012

    Well, this is some cool change. This blog seems to be filled with bad news about how we can beat bots, spams, and phishing scams. And what’s interesting is that it’s actually Microsoft that “sent” the culprit in prison. Didn’t we just hear about how Microsoft earned the worst spammer in the world? That’s definitely ironic. But I also don’t discount the fact the guys are really working hard to stop spam once and for all. Who knows they may eventually find the best solution so we can say goodbye to it forever?
