OTTAWA—The Canadian Radio-television and Telecommunications Commission (CRTC) has served its first-ever warrant under Canada’s anti-spam law (CASL) to take down a command-and-control server located in Toronto as part of a coordinated international effort.
The warrant was granted by a judge of the Ontario Court of Justice and was carried out with assistance from the RCMP.
Law enforcement agencies from around the globe have disrupted one of the most widely distributed malware families: Win32/Dorkbot. This malware family has infected more than one million personal computers in more than 190 countries.
“We are pleased to work alongside our partners during this investigation to mitigate the harm caused to Canadians and citizens in other countries by Dorkbot. These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud. This operation shows that partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats. I am grateful the RCMP provided assistance in this matter,” said Manon Bombardier, CRTC chief compliance and enforcement officer.
Dorkbot spreads through USB flash drives, instant messaging programs, and social networks. Once a computer becomes compromised, it can be instructed to: steal passwords used for online banking and payments; download and install dangerous malware; and join other infected computers in sending multiple requests to a specific server in the hopes of overwhelming its capacity to respond (known as a distributed denial of service attack).
As part of this investigation, the CRTC is working in close collaboration with the Federal Bureau of Investigation, Europol, Interpol, Microsoft Inc., the RCMP, Public Safety Canada and the Canadian Cyber Incident Response Centre.
- Malware refers to a variety of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
- A botnet is a set of computers that have been compromised through the installation of malware and can be instructed to send spam, install additional malicious programs, and steal passwords, among other illicit activities.
- A command-and-control server is the centralized computer that issues commands to a botnet and receives reports back from the co-opted computers.