Last month Microsoft led an effort to take control of a domain – 3322.org – in order to disrupt more than 500 different strains of malware affecting millions of innocent people around the world. Using a surgical approach implemented with software from Nominum, Microsoft was able to sinkhole traffic to malware subdomains hosted on 3322.org without impacting queries to legitimate subdomains. Numerous articles covered the effort.
Last week Microsoft announced they had reached an agreement with the operator of the 3322.org domain, as reported on their blog.
The short story is that the operator of 3322.org agreed to clean it up by continuing to block and ultimately deregister known malicious domains, as well as maintaining a publicly published policy of zero tolerance for illegal activity on 3322.org subdomains. This seems like a win-win. It’s doubtful the operator of 3322.org would have chosen to clean up 3322.org in the absence of Microsoft’s actions. But at the same time, logic would suggest the owner of 3322.org made a business decision, realizing the cost of hosting malicious domains was going to be greater than any revenue they might have been generating. More broadly, it’s refreshing to think legitimate business models can prevail over criminal activity.
This result is especially interesting because there seemed to be an undercurrent of controversy about Microsoft’s effort, but in this case, taking decisive action to deter malicious activity resulted in a positive outcome for all parties involved.