Microsoft and chums use US trademark law to trash Trickbot malware network

An order granted by the US District Court for Eastern Virginia authorised Microsoft and chums to "Disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers."
Jean-Ian Boutin, head of threat research, said: "Over the years we've tracked it, Trickbot compromises have been reported in a steady manner, making it one of the largest and longest-lived botnets out there. Trickbot is one of the most prevalent banking malware families, and this malware strain represents a threat for internet users globally."
Originally a banking trojan known as Dyre, the malware is now capable of being used to infiltrate a target network and drop other malware, such as ransomware.
Although Microsoft's legal counsel managed to use US trademark law to seize and take down Trickbot's C2 infrastructure on the grounds that the malware occasionally impersonates the Windows operating system, UK criminal law doesn't help British companies take strong action against malware operators.
The sloppily worded law was drafted in the late 1980s and has not kept pace with modern technology; there is at least a theoretical risk that a person or company in the UK deliberately disrupting malware C2 infrastructure could commit a crime in the process, no matter how pure their motives.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/12/trickbot_c2_takedown_microsoft/