SANS ISC: InfoSec Handlers Diary Blog



Microsoft disrupts traffic associated with the Nitol botnet

Published: 2012-09-13
Last Updated: 2012-09-13 13:53:56 UTC
by Mark Baggett (Version: 1)

There is an interesting article that was just published by Microsoft's Digital Crimes Unit. Attackers have been infecting manufacturer supply chains to spread their evil warez. Some unnamed manufacturers have been selling products loaded with "counterfeit versions of Windows software embedded with harmful malware." The article goes on to say that "Malware allows criminals to steal a person’s personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware." Microsoft worked with law enforcement and began filtering traffic associated with the domain 3322.org to disrupt the botnet's communications.

The full story is here: http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

Join me in San Antonio, Texas, November 27th for SANS 504 Hacker Techniques, Exploits and Incident Response! Register Today!!

Mark Baggett

Twitter: @MarkBaggett
