Boscovich said Microsoft would like Yong to identify those people who have registered the malicious domains, as only he would hold that information since the websites are subdomains. "We are trying to reach out to him now," he said. "We are not necessarily alleging he is the one running the botnet."
Microsoft now controls 3322.org. Since the domain also hosts legitimate websites, Microsoft is using DNS (Domain Name System) software from Nominum that will allow legitimate traffic to subdomains of 3322.org but halt traffic to the 70,000 hosted websites that are harmful, a process known as "sinkholing."
Using the DNS in this way is a new, state-of-the-art approach, said Craig Sprosts, general manager for fixed broadband for Nominum, which provides DNS services for service providers including Verizon, Comcast and BT. The advantage is that websites that aren't doing anything illegal will continue to run.
"This operation is somewhat unique," Sprosts said. "There have been domain take downs, but this one was kind of surgical strike."
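The selective sinkholing described above can be sketched as a per-query policy decision. This is an added example, not code from Microsoft or Nominum; the blocked subdomain names, the sinkhole address and the function names are constructed for illustration.

```python
# Added illustration; the names and addresses below are constructed samples.
ZONE = "3322.org"
SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address standing in for a sinkhole
BLOCKED = {"bad-c2.3322.org", "dropper.3322.org"}  # constructed sample blocklist


def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def in_zone(name, zone=ZONE):
    """True for the zone apex or any name beneath it (label-aligned match)."""
    return name == zone or name.endswith("." + zone)


def decide(qname, blocked=BLOCKED):
    """Return (action, answer) for one query.

    'sinkhole' -> answer with the sinkhole address
    'resolve'  -> answer from the zone's normal records
    'refuse'   -> name is outside the zone this server controls
    """
    name = normalize(qname)
    if not in_zone(name):
        return ("refuse", None)
    # Walk from the full name up towards the zone apex so that hosts
    # created beneath a blocked subdomain are caught as well.
    labels = name.split(".")
    zone_len = len(ZONE.split("."))
    for i in range(len(labels) - zone_len):
        if ".".join(labels[i:]) in blocked:
            return ("sinkhole", SINKHOLE_IP)
    return ("resolve", None)
```

Matching on whole labels keeps a look-alike such as `evil3322.org` out of the zone and keeps an unlisted name such as `notbad-c2.3322.org` resolving normally.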
As for the infected computers, Microsoft will notify ISPs that have infected customers; the ISPs can then take action to cleanse the computers of malware.