
Microsoft takes on Nitol botnet

Fake software in the supply chain blamed
Thu Sep 13 2012, 11:47

SOFTWARE HOUSE Microsoft is making a stand against an emerging botnet that it says has been enabled by malware inserted in PC supply chains.

Richard Boscovich, assistant general counsel in Microsoft's Digital Crimes Unit, said the Nitol botnet is being spread from insecure supply chains where cybercriminals have introduced fake software that is riddled with malware.

Microsoft said it is working hard to disrupt the malware strains being employed and has had some success in taking down the Nitol botnet that has been developing through their deployment.

Boscovich said that criminals had placed themselves in supply chains and were able to get malware-ridden computers into retailers. Retailers were then selling them on to consumers, thus enabling the botnet's spread.

He used the announcement as a reminder of the importance of buying properly certified hardware and software.

"What's especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer," he said.

"So how can someone know if they're buying from an unsecure supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can't tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware."

In a study, Microsoft researchers bought hardware from what the firm described only as an "unsecure supply chain".

There it found that 20 percent of the hardware it bought was infected with malware, including malware capable of spreading through USB flash drives. This means that the infection could spread from one machine to another with relative ease, through a home network for example, or be carried by a worker into the office.

"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," he added.

"Additionally, we found malware that records a person's every key stroke, allowing cybercriminals to steal a victim's personal information. The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware - or anything else for that matter - to be loaded onto an infected computer."

Microsoft has taken control of the 3322.org domain that was being used to host the botnet, and Boscovich said that it is blocking that and nearly 70,000 other malicious subdomains.

"This action will significantly reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322.org domain, and will help rescue people's computers from the control of this malware," he explained. µ
