TORONTO – The CRTC has issued its first warrant under the federal government’s anti-spam legislation to take down a Toronto-based malware server in an attempt to disrupt an international network of infected computers.
The move was part of a co-ordinated effort between Canadian authorities, overseas law enforcement including Interpol and the U.S. Federal Bureau of Investigation, and Microsoft Corp.
The CRTC said the Toronto server acted as a command-and-control point for the Win32/Dorkbot malware, a family of related computer worms that spread through USB keys and instant messaging services and can steal usernames and passwords by watching your online activity.
A computer infected with Dorkbot can also download other malware and compromise a system further.
Canada’s telecoms regulator gained new powers over the Internet when Ottawa’s anti-spam legislation came into effect in July 2014.
This is the first time the CRTC has used those powers to take down a server distributing malware on the Internet.
The agency said it would not name the individuals or companies under investigation in relation to the warrant, and that the RCMP assisted in serving the warrant.
A command-and-control server allows remote access and control of infected PCs, potentially exposing personal data such as financial information.
“These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud,” CRTC chief compliance and enforcement officer Manon Bombardier said in a news release late Thursday.
Botnets, groups of computers infected with malicious code and controlled by a central user, can also be synchronized to perform so-called distributed denial of service attacks that overwhelm an Internet server by flooding it with requests.
One such attack took down federal government email systems and the websites of several major departments in June.
Microsoft says on its website that the latest versions of its security software, including Windows Defender and Microsoft Security Essentials, can protect your machine from the Dorkbot malware as well as detect and remove it.