How Microsoft killed off a massive botnet, with trademark law

July 24, 2013

At its height, the Rustock botnet was a gigantic collection of computers pumping out enormous amounts of online spam. Unbeknownst to their owners, these PCs were enslaved to a command-and-control center that Microsoft, along with several partners, decided to take down in 2011.



Stamping out botnets is really hard to do. But on Wednesday, at a Microsoft-sponsored panel discussion on zombie networks, Microsoft's assistant general counsel for digital crimes revealed the company's crafty legal strategy for going about destroying this one. The key? A 67-year-old statute concerning corporate trademarks.

Trademarks might appear to have little to do with ads for body enhancement pills. But, said Microsoft's Richard Boscovich, the Lanham Act allowed Microsoft and its partners to seize the servers the hijacked computers were reporting to. That's an important detail. In a criminal proceeding, authorities might just get a search warrant and grab the equipment outright. But because Microsoft was engaged in a civil lawsuit, search warrants were out of the question. The company had to find another way to gain control of the command servers.

Luckily for the anti-spammers, the Lanham Act makes seizures of equipment possible if there's counterfeiting going on. In another stroke of fortune for Microsoft, the botnet operators had been using a letter template that included, of all things, Microsoft's logo. Every time Rustock sent out spam with Microsoft's registered image on it, that was another piece of evidence that the company could wield against the controllers.

When Rustock finally got taken down, spam watchers noticed a sharp drop-off in the amount of bogus material being pushed around the Internet. Symantec saw spam volumes drop by 24.7 percent the day after the sting.


The spammers will eventually adapt. But the goal isn't to eradicate botnets altogether -- it's to make the enterprise so complicated and expensive that most low-level criminals give up.

"You want to make them spend their time and money to develop that code," Boscovich said during the Washington event. "That automatically takes a lot of players out of the market."

Brian Fung covers technology for The Washington Post, focusing on telecom, broadband and digital politics. Before joining the Post, he was the technology correspondent for National Journal and an associate editor at the Atlantic.