Polish domain registry NASK seized 23 domains used by the Virut botnet last week, which marks the first time the registrar has taken such drastic steps against infected domains, according to a report by ZDNet on Monday.
NASK was approached by anti-spam organization Spamhaus to take action against the botnet, which has existed since 2006 and was ranked fifth in the world in terms of infections by Kaspersky Lab. Virut accounted for 6.8 percent of malware infections in 2012.
Virut infected machines associated with 890,000 unique IP addresses in Poland alone last year, NASK said in a press release.
NASK said the main sources of the virus were zief.pl and ircgalaxy.pl, which were used to host Virut's command-and-control IRC servers as well as other malware, including Palevo and Zeus.
The Virut malware spreads by inserting code into clean executable files and copying itself to fixed, attached and shared network drives. Some variants also infect HTML, ASP and PHP files with rogue code that distributes the threat, Computerworld reports. Virut is used as a malware distribution platform, meaning other cybercriminals pay the Virut botmasters to deploy malware on the already compromised computers.
Spamhaus worked with Group-IB to get the .ru domains used by Virut shut down, and it has alerted the .at domain registry about the issue in the hope that the registry will suspend the C&C domains.