Less than a month since Microsoft’s revelation that it had disrupted the functioning of the Nitol botnet by effecting a takedown of a domain (3322.org) which was also hosting over 500 different strains of malware, the Assistant General Counsel with the Microsoft Digital Crimes Unit Richard Boscovich says that Microsoft has dismissed the lawsuit following a settlement it reached with Peng Yong, the operator of the domain.
According to the settlement agreement, Peng Yong has agreed to:
- Resume providing authoritative name services for 3322.org, at a time and in a manner consistent with the terms and conditions of the settlement.
- Block all connections to any of the subdomains identified in a “block-list,” by directing them to a sinkhole computer which is designated and managed by CN-CERT.
- Add subdomains to the block-list, as new 3322.org subdomains associated with malware are identified by Microsoft and CN-CERT.
- Cooperate, to the extent necessary, in all reasonable and appropriate steps to identify the owners of infected computers in China and assist those individuals in removing malware infection from their computers.
Victims have already been identified and Microsoft has initiated the data sharing of their details to their ISPs through their national CERTs. Notifications about the infection are in the process of being sent out to the affected users.
“Of note, in the 16 days since we began collecting data on the 70,000 malicious subdomains, we have been able to block more than 609 million connections from over 7,650,000 unique IP addresses to those malicious 3322.org subdomains,” Boscovich points out. “In addition to blocking connections to the malicious domains, we have continued to provide DNS services for the unblocked 3322.org subdomains.