Microsoft obtained permission on Sept. 10 from the U.S. District Court for the Eastern District of Virginia to take control of the 3322.org domain. The company filed a civil complaint against Peng Yong, who owns the domain and his company Changzhou Bei Te Kang Mu Software Technology, also known as Bitcomm, and three other unnamed defendants. A hearing is set for Sept. 26.
Boscovich said Microsoft would like Yong to identify those people who have registered the malicious domains, as only he would hold that information since the websites are subdomains. "We are trying to reach out to him now," he said. "We are not necessarily alleging he is the one running the botnet."
Microsoft now controls 3322.org. Since the domain also hosts legitimate websites, Microsoft is using DNS (Domain Name System) software from Nominum that will allow legitimate traffic to subdomains of 3322.org but halt traffic to the 70,000 hosted websites that are harmful, a process known as "sinkholing."
Using the DNS in this way is a new, state-of-art approach, said Craig Sprosts, general manager for fixed broadband for Nominum, which provides DNS services for service providers including Verizon, Comcast and BT. The advantage is that websites that aren't doing anything illegal will continue to run.
"This operation is somewhat unique," Sprosts said. "There have been domain take downs, but this one was kind of surgical strike."
As far as the infected computers, Microsoft will notify ISPs who have infected customers, which then can take action to cleanse the computers of malware.
Send news tips and comments to firstname.lastname@example.org.