
Microsoft Wields Its IP For Good, Cripples Botnet Via Trademark Litigation

from the ends-justifies-the-means? dept

Microsoft developed a bit of a reputation as a trademark bully during the early 00s, going after an Australian pillow manufacturer (for its polyester fiber "Microsoft" quilt) and a 17-year-old Canadian named Mike Rowe (for his MikeRoweSoft website business). It seems to have settled down on the bullying but it still wields its trademarks with considerable heft. Krebs on Security reports Microsoft recently leveraged its trademarks to severely cripple a botnet.

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.

Microsoft's request for a restraining order (which I haven't been able to locate yet) pointed out Trickbot infects and alters Microsoft products, which could cause users to believe Microsoft itself has zombified their device. This misattribution of the source has the potential to harm Microsoft's reputation and brands.

However, it doesn't appear Trickbot ever co-opts Microsoft's trademarks to present computer users with seemingly legitimate applications. Instead, it infects Windows systems, causing problems while hiding itself from victims. Microsoft's trademark argument is novel: there's no appropriation, just a lot of potential damage to its reputation from people unwittingly operating infected systems.

The order was granted and Microsoft now has control of some of the servers used by the malicious hackers. Others remain online but work has been done to mitigate future damage.

Microsoft’s action comes just days after the U.S. military’s Cyber Command carried out its own attack that sent all infected Trickbot systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control them. The roughly 10-day operation by Cyber Command also stuffed millions of bogus records about new victims into the Trickbot database in a bid to confuse the botnet’s operators.

Microsoft's unusual trademark litigation isn't its only use of IP to battle a botnet. According to its post about this operation/litigation, the company is also wielding its copyright in a more questionable manner.

This action also represents a new legal approach that our DCU [Digital Crimes Unit] is using for the first time. Our case includes copyright claims against Trickbot’s malicious use of our software code.

Microsoft probably knows something the rest of us don't, but using the information available, it's difficult to see how attacking a system with a malicious script "uses" Microsoft's software code. If this legal theory is granted credence by a judge, it will make it easier for companies (like… I don't know… Apple) to shut down hobbyists and enthusiasts who modify devices or programs containing copyrighted code to do things companies don't approve of. While it's great Microsoft is stepping up to shut down a botnet, it's not as great to see it willing to abuse IP law to get it done.


Filed Under: botnet, trademark, trickbot
Companies: microsoft


Reader Comments



  1. Anonymous Coward, 15 Oct 2020 @ 6:24am

    Cyberlaw podcast opined on this as well

    ... saying that it likely would not stand up to a court challenge.

    However, first there needs to be a court challenge. That is, someone claiming ownership of the systems being seized.

    Next on bot-wars: command and control systems being themselves bots...

