
Chinese cybercrime site cleans up

The owner of a Chinese web-hosting firm that was a favourite among cybercriminals has agreed to clean up its act.

Hosting firm 3322.org’s web domains were seized by Microsoft as it investigated a cybercrime gang.

Microsoft found evidence that 70,000 of the web domains overseen by 3322.org were malicious.

Peng Yong, owner of 3322.org, has now pledged to help Microsoft stem abuse of its web space.

Traffic analysis

Chinese hosting firm 3322.org came to Microsoft’s notice during its efforts to track down the fraudsters behind the Nitol botnet.

A botnet is a network of PCs that cybercriminals have taken over using malware or security flaws in popular programs. Spam, phishing and website attacks are often run through these botnets.

Microsoft’s investigation, called Operation b70, found that some PCs were being sold with malicious code already installed on them. The cybercriminals behind Nitol managed this by infiltrating insecure supply chains and installing the malware before the machines reached buyers.

The creators of Nitol had rented webspace from 3322.org and were using it as command-and-control (C2) infrastructure for their growing collection of infected PCs.

Microsoft’s investigation uncovered extensive abuse of 3322.org domains and prompted it to take legal action to seize the domains – many of which were found on US servers.

Microsoft said that since it seized the web domains in mid-September, almost eight million infected machines had tried to contact one or more of the 70,000 malicious domains.

As part of a legal settlement to regain control of 3322.org, founder Peng Yong has given assurances that he will work with Microsoft and China’s central computer security agency to limit abuse of the site’s domains.

In addition, the 70,000 malicious domains have been mothballed, and traffic for them will be routed into what is known as a “sinkhole”, a server controlled by investigators, so that it can be analysed by cybercrime investigators.
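Sinkhole analysis of the kind described above works by logging every request that arrives for a seized domain and reducing those logs to a count of distinct infected hosts per domain. The script below is an added example of that triage step; it is not Microsoft’s tooling or anything from 3322.org, and the domain names, the log format and the log lines are all constructed for illustration. It also counts queries for subdomains of a sinkholed domain, since seizing a domain captures its whole zone, and it tolerates malformed lines rather than aborting on them.

```python
"""Sinkhole log triage: distinct infected hosts per sinkholed domain.

Added example, not code from the original article. The log format is a
constructed, simplified DNS-query log (timestamp, client IP, query name,
record type); the domains and addresses are documentation/test ranges.
"""
from collections import defaultdict
from datetime import datetime

# Hypothetical list of domains whose traffic now lands on the sinkhole.
SINKHOLED = {"evil-c2.example", "update-check.example"}

# Constructed sample log lines (not real data). Note the repeated client,
# the mixed-case query with a trailing dot, a subdomain, and a bad line.
SAMPLE_LOG = """\
2012-09-17T10:00:01Z 198.51.100.7 evil-c2.example A
2012-09-17T10:00:05Z 198.51.100.7 evil-c2.example A
2012-09-17T10:01:12Z 203.0.113.9 update-check.example A
2012-09-17T10:02:00Z 203.0.113.9 www.example.org A
2012-09-17T10:03:30Z 192.0.2.44 evil-c2.example A
malformed line
2012-09-17T10:04:00Z 192.0.2.44 EVIL-C2.example. A
2012-09-17T10:05:00Z 203.0.113.9 cdn.evil-c2.example A
"""


def parse_line(line):
    """Return (timestamp, client_ip, normalised_qname) or None if unparsable."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    qname = parts[2].rstrip(".").lower()
    return ts, parts[1], qname


def match_sinkholed(qname, sinkholed):
    """Return the sinkholed domain that qname belongs to, or None.

    A query for a subdomain (cdn.evil-c2.example) counts against the seized
    parent domain, because the sinkhole answers for the whole zone.
    """
    for domain in sinkholed:
        if qname == domain or qname.endswith("." + domain):
            return domain
    return None


def triage(log_text, sinkholed=SINKHOLED):
    """Summarise sinkhole hits: hosts per domain, all hosts, first contact."""
    hosts_by_domain = defaultdict(set)
    first_seen = {}  # (client_ip, domain) -> earliest timestamp
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the run
        ts, client, qname = rec
        domain = match_sinkholed(qname, sinkholed)
        if domain is None:
            continue  # benign query that happened to be in the same log
        hosts_by_domain[domain].add(client)
        key = (client, domain)
        if key not in first_seen or ts < first_seen[key]:
            first_seen[key] = ts
    all_hosts = set().union(*hosts_by_domain.values()) if hosts_by_domain else set()
    return {
        "per_domain": {d: len(h) for d, h in hosts_by_domain.items()},
        "infected_hosts": sorted(all_hosts),
        "first_seen": first_seen,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for domain, count in sorted(summary["per_domain"].items()):
        print(f"{domain}: {count} distinct hosts")
    print("infected hosts:", ", ".join(summary["infected_hosts"]))
```

Counting distinct client addresses rather than raw requests is what turns a sinkhole log into the “infected machines” figure quoted above; the per-(host, domain) first-seen time is what investigators use to order notifications and to tell a long-running infection from a one-off lookup.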

Work has also begun to identify the individuals and gangs behind the malicious domains.