Categories: PCSecurityWorkspace

Microsoft Finds Nitol Botnet Malware On PCs In Chinese Supply Chain

Microsoft has discovered that several new computers in China have been carrying the Nitol botnet malware and has called for security in its supply chain to be improved.

The malicious software allows cyber criminals to steal personal information such as bank account details and take control of personal computers. A US court has granted Microsoft permission to seize control of one Chinese domain which has been linked to cybercrime since 2008.

Chinese Malware

Investigators from a Microsoft group called “operation b70” bought ten desktops and ten laptops from different cities in China and found that four were infected by viruses, which had been installed by some Chinese PC manufacturers. Of particular concern is a botnet virus called Nitol which is used to steal from online bank accounts and carry out distributed denial of service (DDoS) attacks.

Nitol attempted to connect to its command and control system as soon as the PC was switched on and was eventually linked to the 3222.org domain. This domain had 70,000 different sub-domains used by 500 different types of Malware.

Microsoft also found malware that was capable of remotely operating microphones or video cameras as well as keyloggers that track every key entered by a user, revealing sensitive information such as passwords.

An American court has now given Microsoft permission to seize control of the 3322.org domain where the botnet was hosted, and allow it to filter traffic. The domain’s owners have said that they have a “zero tolerance” policy towards illegal malware but with 2.85 million domains, this was difficult to enforce in practice. Last year, a Chinese mobile security firm was accused of bundling viruses with its anti-malware software.

Nitol

“Earlier this week, the US District Court for the Eastern District of Virginia granted Microsoft’s Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people,” said Richard Domingues Boscovich, assistant general counsel, Microsoft Digital Crimes Unit. “Codenamed ‘Operation b70,’ this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers.

In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet, our second botnet disruption in the last six months.”

Microsoft said that the most disturbing fact was that the counterfeit software could have entered the supply chain at any point and warned consumers that if a deal was too good to be true, it probably was.

The company released an update in June to address a certificate issue exploited in the Flame malware attacks and another Microsoft investigation, operation b71, has been trying to take down the Zeus Botnet network.

“Microsoft is fully committed to protecting consumers by combating the distribution of counterfeit software and working closely with governments, law enforcement and other industry members in these efforts,” continued Domingues Boscovich. “Our disruption of the Nitol botnet further demonstrates our resolve to take all necessary steps to protect our customers and discourage criminals from defrauding them into using malware infected counterfeit software.”

Are you a security expert? Find out with our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Supreme Court Permits Nvidia Investor Lawsuit To Proceed

Setback for Nvidia after Supreme Court rules class-action lawsuit against AI chip giant for misleading…

12 hours ago

TikTok Files Challenge Against Canadian Shutdown Order

Notice filed in federal court to challenge Canadian government order to shutdown TikTok's Canada's operations

15 hours ago

Apple Intelligence Launches In UK, Siri Integrated With ChatGPT

Users of the iPhone 15 and later in the UK can now experience Apple Intelligence,…

16 hours ago

US Awards Micron $6.1 Billion From US Chips Act

Biden administration awards $6.1 billion subsidy from US Chips Act for Micron's Idaho and and…

18 hours ago

California Mulls Health Warnings For Social Media Sites

Bill (if passed) could see California become the first US state to require mental health…

21 hours ago

GM Kills Cruise Robotaxi Business, After Funding Is Pulled

General Motors kills Cruise robotaxi ambitions, after halting funding for the loss-making autonomous vehicle unit

22 hours ago