Blog archive

Powerful new government cybersecurity system: U.S. courts

Microsoft this week got a temporary restraining order against alleged operators of a botnet, allowing the software company to take over the malicious domain and block the Nitol botnet and nearly 70,000 other subdomains.

The case is interesting for a number of reasons, not least of which is that Nitol was discovered by Microsoft’s Digital Crimes Unit to be preinstalled on a computer bought in China, along with several other types of malware that had been incorporated into counterfeit copies of Windows XP and Windows 7.

Nitol was actively running and attempting to connect with a command and control server, allowing researchers to study it and its operators. Microsoft found that the United States has the second largest number of C&C servers (behind China), located primarily in California, Texas, Georgia and Pennsylvania.

Related coverage:

Administration unveils plan for battling botnets

But to my mind, the most interesting part of the story is Microsoft’s continued and successful use of the courts as a cybersecurity tool. The company’s Project MARS (Microsoft Active Response for Security) goes after threats to its customers with lawsuits to shut down the malicious nets. The Nitol bust is its second botnet takedown in six months.

On Sept. 10 the U.S. District Court for the Eastern District of Virginia granted Microsoft’s request for a temporary restraining order against Nitol’s operators, allowing the company to host the domain, which hosts the majority of the C&C servers on a new domain name system. This will let Microsoft block malicious traffic while letting legitimate subdomains operate without interruption. Microsoft also is seeking preliminary and permanent injunctions.

Federal computer security law often is criticized as out of date with the current cyber threat environment, and cybersecurity legislation that would amend it has gone nowhere in Congress. But Microsoft has successfully used the existing Computer Fraud and Abuse Act, Common Law Trespass and other criminal statutes to take action against the roots of malicious networks.

In March, the company, along with the U.S. Marshals Service, took down several botnets using variants of the Zeus malware. A year earlier, Microsoft led the takedown of the massive Rustock botnet, which had infected more than a million computers worldwide, later turning the case over to the FBI.

Botnets have not disappeared, of course, and are not likely to disappear any time soon. And computer crime laws (and cybersecurity requirements) need to be updated. But Project MARS shows that court action through existing laws can be a potent cybersecurity tool against malicious networks that cross national borders.

Posted by William Jackson on Sep 14, 2012 at 9:39 AM


  • Management
    people standing on keyboard (Who is Danny/

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.