The Canadian Radio-television and Telecommunications Commission (CRTC) announced on Thursday, December 3, 2015, that it had served its first-ever warrant under Canada’s anti-spam law (CASL, enacted July 2014) to take down a command-and-control server located in Toronto, Ontario, that was being used to distribute Win32/Dorkbot malware.
The CRTC indicated in its press release that it was working in close collaboration with its partners, including the Federal Bureau of Investigation, Europol, Interpol, Microsoft Inc., the Royal Canadian Mounted Police (RCMP), Public Safety Canada and the Canadian Cyber Incident Response Centre.
“We are pleased to work alongside our partners during this investigation to mitigate the harm caused to Canadians and citizens in other countries by Dorkbot,” said CRTC Chief Compliance and Enforcement Officer Manon Bombardier. “These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud. This operation shows that partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats. I am grateful the RCMP provided assistance in this matter.”
Dorkbot, which was first seen in 2011, spreads through USB flash drives, instant messaging programs, and social networks. Once a computer becomes compromised, it can be instructed to: steal passwords used for online banking and payments; download and install dangerous malware; and join other infected computers in sending multiple requests to a specific server in the hopes of overwhelming its capacity to respond (known as a distributed denial of service attack).
In a blog post, Microsoft said that it began noticing that Dorkbot was attempting to hijack login details for people’s Facebook, Gmail, Netflix, PayPal and Twitter accounts.
The warrant was granted by a judge of the Ontario Court of Justice and was carried out with assistance from the RCMP.