Microsoft's Digital Crimes Unit Disrupts 'Nitol Botnet' with over 500 Malware Strains Hosted on 70K+ Sub-domains

Microsoft has disrupted the emerging "Nitol Botnet", which was being spread through an insecure supply chain. Earlier this week, "the U.S. District Court for the Eastern District of Virginia granted Microsoft's Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people," announced Richard Domingues Boscovich, Assistant General Counsel, Digital Crimes Unit.

In the investigation, codenamed Operation b70, Microsoft discovered that retailers were selling computers loaded with counterfeit versions of Windows that had malware embedded in them. "In fact, 20% of the PCs researchers bought from an unsecure supply chain were infected with malware. Making matters worse, the malware was capable of spreading like an infectious disease through devices like USB flash drives, potentially causing the victim's family, friends and co-workers to become infected with malware when simply sharing computer files," Boscovich said.

"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business. Additionally, we found malware that records a person's every keystroke, allowing cybercriminals to steal a victim's personal information," Boscovich stated.

"Examples of this abuse include malware sending fake e-mails and social media posts to a victim's family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware."

The botnet was being hosted on a domain linked to malicious activity since 2008, according to the study, revealing that "in addition to hosting b70, 3322.org contained a staggering 500 different strains of malware hosted on more than 70,000 sub-domains."

"The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware - or anything else for that matter - to be loaded onto an infected computer."