Polish Domain Registry NASK Seizes Domains Used in Pervasive Virut Botnet

Polish domain registrar NASK seized 23 domains used by the Virut botnet last week

Polish domain registry NASK seized 23 domains used by the Virut botnet last week, which marks the first time the registrar has taken such drastic steps against infected domains, according to a report by ZDNet on Monday.

NASK was approached by anti-spam organization Spamhaus to take action against the botnet that has existed since 2006, and was ranked fifth in the world in terms of infections by Kapersky Labs. Virut accounted for 6.8 percent of malware infections in 2012.

Virut has infected machines associated with 890,000 unique IP addresses last year in Poland alone, NASK said in a press release.

NASK said the main sources of the virus were zief.pl and ircgalaxy.pl, which were used to host its command and control IRC servers, and other malware including Palevo and Zeus.

The Virut malware spreads by inserting code into clean executable files and copying itself to fixed, attached and shared network drives. Some variants also infect HTML, ASP and PHP files with rogue code that distributes the threat, Computerworld reports. Virut is used as a malware distribution platform, meaning other cybercriminals pay the Virut botmasters to deploy malware on the already compromised computers.

Web hosts including Canadian Web Hosting have deployed services to help cut down on botnet and malware spread across its network. 

Spamhaus worked with Group-IB to get the .ru domains used by Virut shut down, and it has alerted the .at domain registry about the issue in hopes that they will suspend the C&C domains.

Recently, Microsoft reached a settlement with the host of the Nitol botnet, 3322.org, who agreed to cooperate in cleaning up computers infected with it, and help limit the spread of the Nitol botnet.

Talk back: What do you think of the decision made by NASK to cut off the domains? Have you ever worked with security researchers to fight the spread of malware? Let us know in a comment.

About Nicole Henderson

Nicole Henderson is the Editor in Chief of the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto. You can find her on Twitter @NicoleHenderson.