Domain owner agrees to work with Microsoft to destroy malicious domains

News by Dan Raywood

A man recently named as owning a malware-hosting domain has agreed to work with Microsoft to prevent cyber criminals from using the domain.

Peng Yong, the registered owner of 3322.org, was named by Microsoft after the Nitol botnet was hosted on the domain, which it said had links to malicious activity since 2008 and contained 500 different strains of malware hosted on more than 70,000 sub-domains.

Microsoft was granted an ex-parte temporary restraining order against Yong, his company and others, and it took control of the 3322.org domain by routing it through domain name system (DNS) infrastructure that Microsoft had set up. Yong said at the time that the company had a ‘zero tolerance’ attitude towards illegal activity on the domain.

In a statement, Richard Domingues Boscovich, assistant general counsel at the Microsoft digital crimes unit, said that Microsoft had resolved the issues in the case and had dismissed the lawsuit pursuant to the agreement.

He also said that Yong had agreed to work in cooperation with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) to resume providing authoritative name services for 3322.org and block all connections to any of the subdomains identified in a 'block list', by directing them to a sinkhole that will be designated and managed by CN-CERT.

Yong will add subdomains to the block list as new 3322.org subdomains associated with malware are identified by Microsoft and CN-CERT.
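The block-list sinkhole arrangement described above can be modelled as a small authoritative resolver: a query for a name on the block list (or under a blocked parent) is answered with the sinkhole address and counted, while every other name in the zone gets its normal record. The following is an added example and is not code from Microsoft, CN-CERT or 3322.org; the sinkhole address, zone records, block list and query log are all constructed (RFC 5737 documentation addresses), and the counting of blocked connections and unique client addresses is an assumption about what a sinkhole operator would want to record.

```python
"""Block-list DNS sinkhole model (added example, not the parties' own code)."""
from dataclasses import dataclass, field

ZONE = "3322.org"
SINKHOLE_IP = "192.0.2.53"  # assumption: constructed stand-in for the CN-CERT-managed sinkhole


@dataclass
class Sinkhole:
    zone: str
    sinkhole_ip: str
    records: dict = field(default_factory=dict)      # normal authoritative A records (constructed)
    block_list: set = field(default_factory=set)     # malicious subdomains identified so far
    blocked_connections: int = 0                     # every answer that went to the sinkhole
    blocked_clients: set = field(default_factory=set)  # unique source IPs sent to the sinkhole

    @staticmethod
    def _normalise(name: str) -> str:
        return name.rstrip(".").lower()

    def in_zone(self, name: str) -> bool:
        name = self._normalise(name)
        return name == self.zone or name.endswith("." + self.zone)

    def add_to_block_list(self, name: str) -> None:
        """The registrant's role under the settlement: add newly identified malicious subdomains.
        The zone apex itself is never accepted, so a bad entry cannot sinkhole the whole domain."""
        name = self._normalise(name)
        if not self.in_zone(name) or name == self.zone:
            raise ValueError(f"refusing to block {name!r}: not a subdomain of {self.zone}")
        self.block_list.add(name)

    def is_blocked(self, name: str) -> bool:
        """A name is blocked if it or any parent label is listed, so listing
        evil.3322.org also covers bot1.evil.3322.org without separate entries."""
        labels = self._normalise(name).split(".")
        return any(".".join(labels[i:]) in self.block_list for i in range(len(labels)))

    def resolve(self, name: str, client_ip: str):
        """Answer one A query. Returns the sinkhole IP for blocked names (and tallies the
        connection), the normal record otherwise, or None for NXDOMAIN / out-of-zone names."""
        name = self._normalise(name)
        if not self.in_zone(name):
            return None  # a real server would answer REFUSED here
        if self.is_blocked(name):
            self.blocked_connections += 1
            self.blocked_clients.add(client_ip)
            return self.sinkhole_ip
        return self.records.get(name)  # unblocked subdomains keep working; None -> NXDOMAIN

    def stats(self) -> dict:
        return {"blocked_connections": self.blocked_connections,
                "unique_ips": len(self.blocked_clients)}


def build_demo_sinkhole() -> Sinkhole:
    """Constructed zone data: one legitimate host, one malicious subdomain on the block list."""
    s = Sinkhole(zone=ZONE, sinkhole_ip=SINKHOLE_IP, records={"home.3322.org": "192.0.2.10"})
    s.add_to_block_list("evil.3322.org")
    return s


# Constructed query log: (queried name, client source IP).
QUERY_LOG = [
    ("bot1.evil.3322.org", "198.51.100.7"),
    ("evil.3322.org", "198.51.100.7"),
    ("update.evil.3322.org", "203.0.113.9"),
    ("home.3322.org", "198.51.100.20"),
    ("nothere.3322.org", "198.51.100.20"),
    ("example.com", "198.51.100.21"),
]


def replay(sinkhole: Sinkhole, log=QUERY_LOG) -> list:
    """Resolve every query in the log and return the answers in order."""
    return [sinkhole.resolve(name, ip) for name, ip in log]


if __name__ == "__main__":
    s = build_demo_sinkhole()
    for (name, ip), answer in zip(QUERY_LOG, replay(s)):
        print(f"{ip:>14}  {name:<24} -> {answer}")
    print(s.stats())
```

Running the script shows the three queries under evil.3322.org answered with the sinkhole address, home.3322.org still resolving normally, and the tally of blocked connections and distinct client addresses that a sinkhole operator reports.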

“Since the case is settled, all evidence and discovery collected during Microsoft's investigation will be handed over to CN-CERT, who will work with the defendant to identify the people behind the malicious subdomains pursuant to Chinese law,” Boscovich said.

“We're very pleased by this outcome, which will help guarantee that the 70,000 malicious subdomains associated with 3322.org will never again be used for cyber crime.”

He also said that in the 16 days since Microsoft began collecting data on the 70,000 malicious subdomains, it had been able to block more than 609 million connections from over 7,650,000 unique IP addresses to those malicious 3322.org subdomains.

He said: “In addition to blocking connections to the malicious domains, we have continued to provide DNS services for the unblocked 3322.org subdomains. For example, on September 25th, we successfully processed 34,954,795 DNS requests for 3322.org subdomains that were not on our block list.”
