Microsoft says it didn't want criminals to think that Microsoft would let them rebuild their networks by simply tinkering with their old code.
In March of this year, Microsoft, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA (the electronic payments association) teamed up to get court permission to seize servers associated with the worst instances of the password-stealing Zeus botnet. They seized two IP addresses and secured 800 domains, which they monitored to identify the bots under Zeus control.
They also named two people as defendants in a civil case involving Zeus, one of the rare times they have been able to track illegal activities to specific persons.
Earlier this month Microsoft went after Nitol, a case that arose by chance from a Microsoft investigation into pirated software being loaded onto brand-new computers in China and sold as legitimate Windows machines. One of the computers came not only with a pirated operating system, but was also infected with Nitol, which enlists computers into botnets that can be used for a variety of illegal activities. It also enables downloading further malware.
Initially the team had no intention of taking a disruptive action against Nitol, but when further investigation led to a domain known as a haven for malicious activity, it decided it had to do something. The company traced more than 560 types of malware lurking in the 322.org domain.
Boscovich says the action was targeted so as not to disrupt legitimate users of the domain by taking down the entire domain. This tactic was so effective that it will likely become a standard tool, he says.
"This opens the door for future actions," he says, adding that such actions are imminent.
"You'll see more from us," says Campana.