By Patrick Marshall


Powerful new government cybersecurity system: U.S. courts

Microsoft this week got a temporary restraining order against alleged operators of a botnet, allowing the software company to take over the malicious domain and block the Nitol botnet and nearly 70,000 other subdomains.

The case is interesting for a number of reasons, not least of which is that Nitol was discovered by Microsoft’s Digital Crimes Unit to be preinstalled on a computer bought in China, along with several other types of malware that had been incorporated into counterfeit copies of Windows XP and Windows 7.

Nitol was actively running and attempting to connect with a command and control server, allowing researchers to study it and its operators. Microsoft found that the United States has the second largest number of C&C servers (behind China), located primarily in California, Texas, Georgia and Pennsylvania.


But to my mind, the most interesting part of the story is Microsoft’s continued and successful use of the courts as a cybersecurity tool. The company’s Project MARS (Microsoft Active Response for Security) goes after threats to its customers with lawsuits to shut down the malicious nets. The Nitol bust is its second botnet takedown in six months.

On Sept. 10 the U.S. District Court for the Eastern District of Virginia granted Microsoft’s request for a temporary restraining order against Nitol’s operators, allowing the company to host the domain, which carries the majority of the C&C servers, on a new domain name system. This lets Microsoft block malicious traffic while letting legitimate subdomains operate without interruption. Microsoft also is seeking preliminary and permanent injunctions.

Federal computer security law often is criticized as out of date with the current cyber threat environment, and cybersecurity legislation that would amend it has gone nowhere in Congress. But Microsoft has successfully used the existing Computer Fraud and Abuse Act, common law trespass and other statutes to take action against the roots of malicious networks.

In March, the company, along with the U.S. Marshals Service, took down several botnets using variants of the Zeus malware. A year earlier, Microsoft led the takedown of the massive Rustock botnet, which had infected more than a million computers worldwide, later turning the case over to the FBI.

Botnets have not disappeared, of course, and are not likely to disappear any time soon. And computer crime laws (and cybersecurity requirements) need to be updated. But Project MARS shows that court action through existing laws can be a potent cybersecurity tool against malicious networks that cross national borders.

Posted by William Jackson on Sep 14, 2012 at 9:39 AM
