Microsoft finds malware on new computers in China


The laptop was made by Hedy, a computer manufacturer in Guangzhou, China, according to the court records. The company, reached by phone, declined to answer questions.

Stratton and his colleagues also found Nitol to be highly contagious. They inserted a thumb drive into the computer and the virus immediately copied itself onto it. When the drive was inserted into a separate machine, Nitol quickly copied itself onto that machine as well.

Microsoft examined thousands of samples of Nitol, which has several variants, and all of them connected to command-and-control servers associated with the 3322.org domain, according to the court records.

“In short, 3322.org is a major hub of illegal Internet activity, used by criminals every minute of every day to pump malware and instructions to the computers of innocent people worldwide,” Microsoft said in its lawsuit.

Peng, the registered owner of 3322.org, said he has “zero tolerance” for the misuse of domain names and works with Chinese law enforcement whenever there are complaints. Still, he said, his huge customer base makes policing difficult.

“Our policy unequivocally opposes the use of any of our domain names for malicious purposes,” Peng said in a private chat via Sina Weibo, a service like Twitter that’s very popular in China. “We currently have 2.85 million domain names and cannot exclude that individual users might be using domain names for malicious purposes.”

Peng is the founder and chief executive of Bitcomm, a company he and his wife own. They founded an earlier company, which started 3322.org in 2001. Bitcomm took over the domain in 2007.

Past warnings by other online security firms have been ignored by Peng, according to Boscovich. 3322.org accounted for more than 17 percent of the world’s malicious web transactions in 2009, according to Zscaler, a computer security firm in San Jose, Calif. In 2008, Russian security company Kaspersky Lab reported that 40 percent of all malware programs, at one point or another, connected to 3322.org.

U.S. District Judge Gerald Bruce Lee, who is presiding in the case, granted a request from Microsoft to begin steering Internet traffic from 3322.org that has been infected by Nitol and other malware to a special site called a sinkhole. From there, Microsoft can alert affected computer users to update their anti-virus protection and remove Nitol from their machines.

Since Lee issued the order, more than 37 million malware connections have been blocked from 3322.org, according to Microsoft.

___

Associated Press researcher Fu Ting in Shanghai contributed to this report.

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
