Thursday, September 13, 2012

Microsoft Tracks Nitol Botnet Pre-installed in Factory

A Microsoft investigation found that cybercriminals have infiltrated unsecure supply chains to introduce counterfeit Windows software embedded with malware at factories in China. Microsoft's Operation b70, which stemmed from the study, tracked retailers who were selling computers loaded with counterfeit versions of Windows software embedded with the Nitol botnet.

Microsoft has just won a restraining order in U.S. District Court for the Eastern District of Virginia, granting it permission to take over the hosting of the 3322.org domain, which hosted the Nitol botnet. Microsoft's newly created domain name system (DNS) enables it to block operation of the Nitol botnet and nearly 70,000 other malicious subdomains hosted on the 3322.org domain, while allowing all traffic for the legitimate subdomains to continue without disruption.

The case is documented in a blog posting on the Microsoft site.

http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx