Two weeks ago, I wrote about how a Microsoft study looking into unsecure supply chains led to the discovery of the emerging Nitol botnet, which was hosted by the 3322.org domain. In order to address this threat, Microsoft filed suit to take control of the 70,000 malicious subdomains hosted on 3322.org.
Today, I am pleased to announce that Microsoft has resolved the issues in the case and has dismissed the lawsuit pursuant to the agreement. As part of the settlement, the operator of 3322.org, Peng Yong, has agreed to work in cooperation with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) to:
· Resume providing authoritative name services for 3322.org, at a time and in a manner consistent with the terms and conditions of the settlement.
· Block all connections to any of the subdomains identified in a “block-list,” by directing them to a sinkhole computer which is designated and managed by CN-CERT.
· Add subdomains to the block-list, as new 3322.org subdomains associated with malware are identified by Microsoft and CN-CERT.
· Cooperate, to the extent necessary, in all reasonable and appropriate steps to identify the owners of infected computers in China and assist those individuals in removing malware infections from their computers.
The settlement agreement can be found here. Since the case is settled, all evidence and discovery collected during Microsoft’s investigation will be handed over to CN-CERT, which will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law. We’re very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with 3322.org will never again be used for cybercrime.