Microsoft’s Operation B70 Wins Another Battle Against Spam and Malware

Written by Casper Manes on September 18, 2012

Microsoft struck another blow against spammers last week in an operation code-named b70. The US District Court for the Eastern District of Virginia granted Microsoft an ex parte temporary restraining order against Peng Yong and other John Does following a months-long research project into the propagation of malware into the supply chain of PCs.

Microsoft performed a close study of PC supply chains and found that in many instances, counterfeit versions of operating systems and software, introduced onto PCs at points between the manufacture of the hardware and the purchase at retail, came complete with various malware preinstalled and ready to exploit the consumer. The malware included keyloggers, remote access Trojans, and software that could be used to remotely access webcams and microphones. In many cases this same software could propagate automatically through USB keys, email, and more.

Many of the infected systems participated in botnets used to send spam and to launch distributed denial-of-service attacks against others. The court order allowed Microsoft to disrupt the operations of the Nitol botnet and to take control of the 3322.org domain, taking over DNS operations for that domain and its more than 70,000 subdomains, which hosted over 500 different strains of malware.

According to a blog post authored by Richard Boscovich, Assistant General Counsel for Microsoft’s Digital Crimes Unit, the Microsoft study found that as many as 20% of PCs purchased from supply chains using counterfeit software were infected with malware.

Nominum, a DNS solutions and security company, was instrumental in assisting Microsoft with both the research and the legal filings, serving as a declarant in the case. You can read more about this on Microsoft’s DCU blog at http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx, and the legal filings at http://noticeofpleadings.com/.

Comments

Sienna Biggs September 19, 2012

Hmmm… that’s interesting. Perhaps Microsoft is trying to correct its image now, especially after it’s been accused of being the biggest spammer in the world (which is extremely ironic). But hey, IE isn’t the most secure browser out there, and don’t let me get started with Hotmail. Outlook.com, though, is another story. I’ve been using it for quite some time now, and I’m loving it! Anyway, I shouldn’t chastise Microsoft for today. I think any step against spam is commendable. It makes me feel that there’s still some hope and that we can expect cleaner inboxes in the next few years.

Maria Ortiz September 19, 2012

This is really scary: you can buy a new computer with all the malware already in it. I suppose this isn’t an isolated case but probably hackers have infiltrated PC shops as well and this is where all the millions of infected computers come from. Good for Microsoft that they targeted this, but for me it is a reminder that even a brand new computer needs to be thoroughly examined for malware – trust nobody!

Earl williams September 25, 2012

We definitely need more stories like this one. I know that the others think this is kind of a very shallow penalty, but the good news is we are making great progress. Or at least someone is already paying the consequences of their wrongdoing. Now I feel that there’s really hope we can get rid of spam. What we should aim for, nevertheless, is to add more people to this statistic and, yeah, spread the word. We should remain proactive and participative, because these agencies that try to protect us cannot do a lot without our strong support for all their programs.

Kevin September 25, 2012

Well, this is some cool change. This blog seems to be filled with bad news about how we can beat bots, spams, and phishing scams. And what’s interesting is that it’s actually Microsoft that “sent” the culprit to prison. Didn’t we just hear about how Microsoft earned the worst spammer in the world? That’s definitely ironic. But I also don’t discount the fact the guys are really working hard to stop spam once and for all. Who knows, they may eventually find the best solution so we can say goodbye to it forever?
