Feeds

back to article Microsoft seizes Chinese dot-org to kill Nitol bot army

Microsoft has disrupted the emerging Nitol botnet - and more than 500 additional strains of malware - by taking control of a rogue dot-org website. The takedown is the latest in Microsoft's war against armies of hacker-controlled PCs. The Windows 8 giant's Operation b70 team discovered crooks were selling computers loaded with …

COMMENTS

This topic is closed for new posts.
Go

See that Haynes Build your oen PC book is useful!

For those that never have (I assume not many here) go on; you won't regret it.

0
0
Anonymous Coward

Well..

Congrats to MS for really stepping up and taking this on. They are big on process and once they get a process in place to deal with these kinds of things quickly, it will have an effect. I did a 360 degree threat model several years ago and 2nd hand PC's from ebay and the like were the most likely systems to contain malware. Crooks could afford to nearly give them away because the botnet was way more valuable than any profit they could make off a used PC. Bought a second hand machine online recently? Dump the drives and get new ones.

1
3
Silver badge

Re: Well..

Not really a solution though is it?

You seize 3322.org, the virus dials home to 3323.org, you seize that... - what's the maximum length of a domain name?

The real problem is:

You have to buy a computer with a pre-loaded Windows OS.

Your only guarantee of security is the MS hologram, but all this means is that a chain of lowest bidder Chinese suppliers actually paid Redmond for a license.

You do your "security updates" but on a computer that's already compromised.

The only solution would be to buy a retail copy of the OS - for more than the price of the machine - and wipe the installed OEM OS. Perhaps OEM machines should actually only come with a license sticker and MS mails you a genuine install disk for free?

1
1
Silver badge
Trollface

Re: Well..

>The only solution would be to buy a retail copy of the OS - for more than the price of the machine

Cue the mactard and linux fanboi corrections.

1
2
Anonymous Coward

Re: Well..

They weren't second hand PCs

Microsoft bought the machines new and they came with the malware pre-installed.

I'll resist any temptation to claim the pre-installed malware was called Windows XP|Vista|7|8

0
0

Re: Well..

"Not really a solution though is it?

You seize 3322.org, the virus dials home to 3323.org, you seize that... - what's the maximum length of a domain name?"

The notice posted from the domain name operators says that they are offering free transfers to 8866.org 2288.org 9966.org 7766.org and 6600.org.

The translation of the notice is hilarious:

"If your domain name is manslaughter, causing error resolution, please contact our customer service to verify the situation, we will help you solve."

http://translate.google.co.uk/translate?u=http%3A%2F%2Fwww.pubyun.com%2Fp%2Fnotice%2F

0
0
Alien

Maybe a deep conspiracy theory, but what is ms going to do with the information that they can extract/manipulate now ?? build their own botnet ??

0
2
Bronze badge
Devil

deep conspiracy theory? sorta, kinda...?

Maybe a deep conspiracy theory, but what is ms going to do with the information that they can extract/manipulate now ?? build their own botnet ??

Uh, ohhhh...

0
0
Bronze badge

Glad M$ stepped up?

Considering that is was a security hole riddled OS that allowed the bot net to thrive, it was only fitting for M$ to do something about it. If the Redmond monster would work a bit harder on creating an OS (and apps) that wasn't swiss cheese, they could save the money on having to employ the talent and hardware to take over a domain.

0
5
Gold badge
Mushroom

Re: Glad M$ stepped up?

So you didn't read the article at all then?

The nasties were installed at build time. You could do that with any O/S. Absolutely no vulnerabilities at all are required, just the admin / root / fanboi password and physical access which the system builder, by definition, has.

You muppet. Crawl back into your nice, comfy MS h4ting hole and pull it in after you.

2
1
Anonymous Coward

3322.org

I was under the impression that 3322.org was essentially a Chinese equivalent of DynDNS.org. If this is the case, can you imagine the outcry from western users (and businesses - don't kid yourself, small businesses do use it) if DynDNS.org had been seized? Although kudos to Microsoft (there's a phrase I never thought I'd type) for allowing non-malware subdomains to continue operating, I wonder how many of those subdomains are trying to update with new IP info and failing.

0
0
This topic is closed for new posts.