Microsoft pushing to halt botnet cybercrime
Microsoft announced legal action Monday seeking to disrupt a major cybercrime digital network that uses more than 1 million zombie computers to loot bank accounts and spread ransomware, which experts consider a threat to the U.S. presidential election.
The operation to knock offline command-and-control servers for a global botnet that uses an infrastructure known as Trickbot to infect computers with malware was initiated with a court order Microsoft obtained in Virginia federal court Oct. 6. Microsoft argued that the crime network is abusing its trademark.
Cybersecurity experts said that while Microsoft’s use of a U.S. court order to persuade internet providers to take down the botnet servers is laudable, it’s not apt to be successful because too many won’t comply.
Paul Vixie of Farsight Security said via email “experience tells me it won’t scale — there are too many IP’s behind uncooperative national borders.”
The announcement follows a Washington Post report Friday of a major — but ultimately unsuccessful — effort by U.S. Cyber Command to dismantle Trickbot last month with direct attacks rather than asking online services to deny hosting to domains used by command-and-control servers.
A U.S. policy called “persistent engagement” authorizes U.S. cyberwarriors to engage hostile hackers in cyberspace and disrupt their operations with code, something Cybercom did against Russian misinformation jockeys during U.S. midterm elections in 2018.
Created in 2016 and used by a loose consortium of Russian-speaking cybercriminals, Trickbot is a digital superstructure for sowing malware in the computers of unwitting individuals and websites.