Google wins court order to force ISPs to filter botnet traffic
A US court has recently unsealed a restraining order against a gang of alleged cybercrooks operating outside the country, based on a formal legal complaint from internet giant Google.
Interestingly, the court order also authorises Google to identify network providers whose services directly or indirectly make this criminality possible, and to "[request] that those persons and entities take reasonable best efforts" to stop the malware and the data theft in its tracks.
Presumably to make it harder for these alleged crooks simply to shift their servers to hosting providers that either can't be identified at all, or that will happily ignore US takedown requests, this court order even covers blocking network traffic that is known to be going to or coming from domains associated with the CryptBot crew.
The final network hops taken by any malicious traffic that reaches US victims are almost certain to pass through ISPs that are under US jurisdiction, so we're assuming that those providers may end up with legal responsibility for actively filtering out any malicious traffic.
To be clear, the court order doesn't demand, or even mention, any sort of snooping on, sniffing out or saving of any data that's transferred; it merely covers taking "Reasonable steps to identify" and "Reasonable steps to block" traffic to and from a list of identified domains and IP numbers.
The order covers blocking traffic "To and/or from any other IP addresses or domains to which Defendants may move the botnet infrastructure," and gives Google the right to "Amend if it identifies other domains, or similar identifiers, used by Defendants in connection with the Malware Distribution Enterprise."