Microsoft disrupts traffic associated with the Nitol botnet
There is an interesting article that was just published by Microsoft's Digital Crimes Unit. Attackers have been infecting manufacturer supply chains to spread their evil warez. Some unnamed manufacturers have been selling products loaded with "counterfeit versions of Windows software embedded with harmful malware." The article goes on to say that the "Malware allows criminals to steal a person’s personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware." Microsoft worked with law enforcement and began filtering traffic associated with the domain 3322.org to disrupt the botnet's communications.
The full story is here: http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx
Join me in San Antonio Texas November 27th for SANS 504 Hacker Techniques, Exploits and Incident Response! Register Today!!
Mark Baggett
Twitter: @MarkBaggett
Comments
Sep 13, 2012 - "... Nitol... employs multiple domains from several free dynamic DNS providers, including -other- four-digit .ORG domain services such as
6600 .org, 7766 .org, 2288 .org and 8866 .org..."
(Highly recommend blocking those addresses also, if you haven't already.)
.
PC.Tech
Sep 13th 2012
1 decade ago