Operation b70: Microsoft has the right to take over domains

In August 2011 Microsoft began to investigate the claims that pirated software along with malware were installed onto company`s PCs in China. The company sent its employees to buy 10 laptops and 10 desktops from "PC Malls" in various cities in China. It turned out that 4 PCs where infected with malware.

1 of 4 PCs was infected with Nitol virus that installs backdoor used for spam and DDoS attacks and was a part of a botnet hosted at 3322.org. Microsoft further investigation showed that there were around 500 different strains of malware on 70,000 sub-domains.

Microsoft was not successful in approaching the hosting company so it decided to apply to take over the domain through the courts. Microsoft's Digital Crimes Unit asked the Eastern District of Virginia to allow them to disable these domains as part of "Operation b70", and has now been given permission, through a temporary restraining order, to take over control of the 3322.org domain and block the operation of the Nitol botnet and the other malware. As there are legitimate subdomains of 3322.org, Microsoft is filtering access with the help of Nominum, and allowing traffic to them through while blocking access to malicious subdomains.