Microsoft Wields Its IP For Good, Cripples Botnet Via Trademark Litigation

from the ends-justifies-the-means? dept

Microsoft developed a bit of a reputation as a trademark bully during the early 00s, going after an Australian pillow manufacturer (for its polyester fiber "Microsoft" quilt) and a 17-year-old Canadian named Mike Rowe (for his MikeRoweSoft website business). It seems to have settled down on the bullying but it still wields its trademarks with considerable heft. Krebs on Security reports Microsoft recently leveraged its trademarks to severely cripple a botnet.

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.

Microsoft's request for a restraining order (which I haven't been able to locate yet) pointed out Trickbot infects and alters Microsoft products, which could cause users to believe Microsoft itself has zombiefied their device. This misattribution of source cause has the potential to cause harm to Microsoft's reputation and brands.

However, it doesn't appear Trickbot ever co-opts Microsoft's trademarks to present computer users with seemingly legitimate applications. Instead, it infects Windows systems, causing problems while hiding itself from victims. Microsoft's trademark argument is novel: there's no appropriation, just a lot of potential damage to its reputation from people unwittingly operating infected systems.

The order was granted and Microsoft now has control of some of the servers used by the malicious hackers. Others remain online but work has been done to mitigate future damage.

Microsoft’s action comes just days after the U.S. military’s Cyber Command carried out its own attack that sent all infected Trickbot systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control them. The roughly 10-day operation by Cyber Command also stuffed millions of bogus records about new victims into the Trickbot database in a bid to confuse the botnet’s operators.

Microsoft's unusual trademark litigation isn't its only use of IP to battle a botnet. In a post about this operation/litigation, the company is also wielding its copyright in a more questionable manner.

This action also represents a new legal approach that our DCU [Digital Crimes Unit] is using for the first time. Our case includes copyright claims against Trickbot’s malicious use of our software code.

Microsoft probably knows something the rest of us don't, but using the information available, it's difficult to see how attacking a system with a malicious script "uses" Microsoft's software code. If this legal theory is granted credence by a judge, it will make it easier for companies (like… I don't know… Apple) to shut down hobbyists and enthusiasts who modify devices or programs containing copyrighted code to do things companies don't approve of. While it's great Microsoft is stepping up to shut down a botnet, it's not as great to see it willing to abuse IP law to get it done.

Filed Under: botnet, trademark, trickbot
Companies: microsoft