Microsoft has won a battle to permanently disrupt a haven for the Nitol botnet that it discovered within an Internet domain controlled by a Chinese ISP. The company has signed a private settlement that Peng Yong and Changzhou Bei Te Kang Mu Software Technology Co., Ltd., will block all connections to designated malicious subdomains of the 3322.org domain controlled by Peng and Bei Te Kang Mu Software.BACKGROUND: Microsoft takes down another botnet, NitolDETAILS: Inside Microsoft botnet takedowns Microsoft has identified those subdomains as hosting command and control servers for the Nitol botnet, which enlists infected machines into botnets that can execute distributed denial-of-service (DDoS) attacks and can also download malicious code for machines to perform whatever commands the bot commander directs.Traffic to those 3322.org subdomains will be directed to sinkholes run in cooperation with either Microsoft or the China CERT (CN-CERT), according to the agreement, and log information about the computers trying to connect to the subdomains will be shared with CN-CERT. The designated subdomains will be de-registered as well, the agreement states. Peng and Changzhou Bei Te Kang Mu Software agree to try to help find owners of the machines trying to make connections and to help the owners remove malware from the computers, the agreement says. In addition, Peng and his business will post a public policy asserting zero tolerance for illegal activity in the 3322.org domain.Microsoft had won a temporary restraining order giving it control of 3322.org, and the agreement says it will return that control to Peng.Microsoft came across the Nitol refuge when it was following up on a case of new computers being sold in China with pirated Microsoft software and Nitol malware preinstalled. It won a U.S. court order to gain control of 3322.org until Peng could respond to a lawsuit filed by Microsoft against him. Part of the agreement is that Microsoft will drop the suit.Tim Greene covers Microsoft for Network World and writes theA Mostly MicrosoftA blog. Reach him atA tgreene@nww.comA and follow him on TwitterA @Tim_Greene.Read more about wide area network in Network World’s Wide Area Network section. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe