{
  "family": "nitol",
  "sample_count": 694,
  "category": "ddos_bot",
  "description": "Nitol is a DDoS botnet family that uses infected machines to launch distributed denial-of-service attacks. It spreads through software supply-chain compromise and pirated software, and was notably distributed via counterfeit Windows installations sold in some regions. Microsoft disrupted the Nitol botnet in 2012 through its Operation b70 action.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Nitol?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Nitol is a DDoS botnet family that uses infected machines to launch distributed denial-of-service attacks. It spreads through software supply-chain compromise and pirated software, and was notably distributed via counterfeit Windows installations sold in some regions. Microsoft disrupted the Nitol botnet in 2012 through its Operation b70 action."
      }
    },
    {
      "@type": "Question",
      "name": "How does Nitol spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Nitol is a DDoS-capable trojan that spreads in two ways: through pirated Windows installations that were preloaded with the malware at the supply-chain level, and through cracked software downloads."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Nitol infection?",
      "acceptedAnswer": {
        "@type": "Answer",
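        "text": "Common signs are outbound flood traffic to unfamiliar IPs, unexpectedly high bandwidth usage, and antivirus detections for Nitol or Win32/Nitol. The traffic symptoms also occur with other DDoS bots, so a detection that names Nitol is the more specific indicator."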
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Nitol on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1498",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}