September 13, 2012

Microsoft Discovers Malware, Helps To Disrupt Massive Botnet

Michael Harper for — Your Universe Online

Cyber security can be tough. Surfing the web and using online tools can sometimes feel like walking through a darkened alley: you keep your eyes peeled, always checking your back and looking for the closest escape, just in case. But however careful they are, what is a web user to do when their brand new PC arrives at their door already loaded with malware, before they have ever plugged it into the series of tubes and wires that is the World Wide Web?

According to the official Microsoft blog, brand new computers that were already infected with malware have been found in China. Security holes along the supply chain between manufacturer and retailer gave cyber criminals access to these unused machines, allowing them to install malicious software before the buyer ever switched the PC on. To confirm these security holes and cases of malware, Microsoft conducted an investigation, codenamed "Operation b70," in which its researchers found that 20% of the PCs they purchased through unsecured supply chains were already infected with malware. Microsoft took these findings to the U.S. District Court for the Eastern District of Virginia, where the Redmond company was granted permission to disrupt over 500 strains of dangerous malware.

"What's especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer," writes Assistant General Counsel of Microsoft's Digital Crimes Unit, Richard Domingues Boscovich.

"So how can someone know if they're buying from an unsecured supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can't tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware."

Microsoft in particular focused on malware that enlisted PCs into the Nitol botnet, a malicious network of computers that has been around since 2008. Using the Nitol botnet, cybercriminals are able to carry out DDoS (Distributed Denial of Service) attacks against larger networks, all without the PC owner's knowledge. DDoS attacks of this kind have been used to bring down websites of corporations such as Sony, and were even reported to be behind the GoDaddy outage earlier this week.

Nitol also opens hidden entry points on the infected PC, leaving it even more exposed to later attacks.

Elsewhere on these infected machines, Microsoft found malware capable of stealing personal information, such as banking data, from the user, giving the criminals access to the user's financial accounts.

Microsoft also said it found malware that could easily be passed from machine to machine via USB flash drives, potentially putting friends and family members at risk when sharing new music or family photos. Some of the malware found on these machines, according to Microsoft, was also capable of switching on the computer's webcam and microphone, giving the cybercriminals eyes and ears into the PC user's home or office.

On Monday, the District Court gave Microsoft permission to seize control of the domain, where the Nitol botnet and nearly 70,000 other malicious subdomains are said to reside.
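Because the seized domain carried tens of thousands of malicious subdomains, a defender looking for infected machines on their own network cannot rely on an exact-match blocklist; any lookup that falls anywhere under the seized apex is the signal. The script below is an added example (not Microsoft's code, and not part of the original article) showing that check run over DNS query logs. The apex names, the log format and the log lines are all constructed placeholders, labelled as such in the code; a practitioner would substitute the real apex named in the court order and their own resolver's log format.

```python
"""Flag DNS lookups that fall under a seized (sinkholed) apex domain.

Added example, not Microsoft's code. The apex domains, the log-line format
and the log lines themselves are constructed for illustration only.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Hypothetical apex domains standing in for the seized domain in the article.
SEIZED_APEXES = {"seized-dyn.example", "botnet-c2.example"}

# Constructed sample lines in a BIND-style query-log shape (assumed format).
# Line 4 is a deliberate near-miss: 'notseized-dyn.example' shares a suffix
# with the apex but is a different domain and must NOT be flagged.
SAMPLE_QUERY_LOG = """\
13-Sep-2012 10:01:02.123 client 10.0.0.5#51234: query: update.microsoft.com IN A + (10.0.0.1)
13-Sep-2012 10:01:03.456 client 10.0.0.7#51235: query: nitol.seized-dyn.example IN A + (10.0.0.1)
13-Sep-2012 10:01:04.789 client 10.0.0.9#51236: query: seized-dyn.example IN A + (10.0.0.1)
13-Sep-2012 10:01:05.000 client 10.0.0.11#51237: query: notseized-dyn.example IN A + (10.0.0.1)
13-Sep-2012 10:01:06.000 client 10.0.0.12#51238: query: A.B.BOTNET-C2.EXAMPLE. IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """Strip a trailing root dot and lower-case, so 'A.B.EXAMPLE.' == 'a.b.example'."""
    return name.rstrip(".").lower()


def under_seized_apex(qname: str, apexes=SEIZED_APEXES) -> Optional[str]:
    """Return the matching apex if qname equals or is a subdomain of one, else None.

    Matching respects label boundaries: the name must equal the apex or end
    with '.' + apex, so 'notseized-dyn.example' does not match 'seized-dyn.example'.
    """
    q = normalize(qname)
    for apex in apexes:
        a = normalize(apex)
        if q == a or q.endswith("." + a):
            return a
    return None


def find_hits(lines: Iterable[str], apexes=SEIZED_APEXES) -> List[Tuple[str, str, str]]:
    """Scan query-log lines; return (client_ip, normalized_qname, apex) for each hit."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line in the assumed format
        apex = under_seized_apex(m.group("qname"), apexes)
        if apex is not None:
            hits.append((m.group("client"), normalize(m.group("qname")), apex))
    return hits


if __name__ == "__main__":
    for client, qname, apex in find_hits(SAMPLE_QUERY_LOG.splitlines()):
        print(f"{client} looked up {qname} (under seized apex {apex})")
```

Run against the constructed log, the script reports three clients (10.0.0.7, 10.0.0.9 and 10.0.0.12) and ignores the near-miss name on line 4. Each flagged client IP is a candidate for the clean-up advice later in the article; the lookup itself, not the answer returned, is the indicator, since a sinkholed domain may resolve to nothing at all.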

Speaking to the Associated Press, the Chinese owner of, Peng Yong, said he knew nothing of Microsoft's legal actions, but that his company has a "zero tolerance" policy concerning illegal activity on the domain.

"Our policy unequivocally opposes the use of any of our domain names for malicious purposes," Peng told AP.

Any PC user who believes their machine is part of a botnet is encouraged to visit for help and information on how to clean their PC.