The company's Digital Crimes Unit continues to go after cyber threats

Sep 13, 2012 13:31 GMT

The emerging Nitol botnet has received a blow from Microsoft’s Digital Crimes Unit as part of the campaign codenamed Operation b70. After obtaining the permission of a US District Court, the Redmond company disrupted over 500 strains of malware.

The most noteworthy thing about this particular action is that the botnet has been found to spread with the use of unsecure supply chains.

In these schemes, cybercriminals infiltrate supply chains and plant their malware-infested software in order to infect the computers of unsuspecting users who think that they’re actually purchasing virus-free legitimate applications.

Unsecure supply chains arise when companies do business with unauthorized or unknown sources, for instance when a distributor sells products it has received from a shady organization.

The investigation performed by the Digital Crimes Unit has uncovered a number of firms that were selling computers with pirated versions of the Windows operating system. Most of these OSs were infected with all sorts of malicious elements.

Another scenario is the one in which the malware-laden software is planted on the PCs while they’re being transported from one company to the other.

The figures from Microsoft’s analysis have revealed that around 20% of the computers bought through such a supply chain are infected with malware. Even more worryingly, the malicious elements found on these devices spread readily to other computers via removable media drives.

As part of the same operation, Microsoft has obtained permission to take over hosting of the 3322.org domain, the domain that hosted the Nitol botnet. Some 70,000 malicious subdomains were hosted under this domain, so the move seriously disrupted the criminals’ activities.
