Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Microsoft disrupts traffic associated with the Nitol botnet - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft disrupts traffic associated with the Nitol botnet

There is an interesting article that was just published by Microsoft's Digital Crimes Unit.   Attackers have been infecting manufacturer supply chains to spread their evil warez.   Some unnamed manufacturers have been selling products loaded with "counterfeit versions of Windows software embedded with harmful malware."   The article goes on to say that the "Malware allows criminals to steal a person’s personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware."    Microsoft worked with law enforcement and began filtering traffic associated with the domain 3322.org to disrupt the botnet's communications.

The full story is here:  http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

 

Join me in San Antonio Texas November 27th for SANS 504 Hacker Techniques, Exploits and Incident Response!  Register Today!!

Mark Baggett

Twitter: @MarkBaggett

Mark

81 Posts
ISC Handler
- https://blog.damballa.com/archives/1806
Sep 13, 2012 - "... Nitol... employs multiple domains from several free dynamic DNS providers, including -other- four-digit .ORG domain services such as
6600 .org, 7766 .org, 2288 .org and 8866 .org..."
(Highly recommend blocking those addresses also, if you haven't already.)
.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!