The Canadian Radio-television and Telecommunications Commission (CRTC) announced on Dec 3rd that it had served its first-ever warrant under Canada’s anti-spam law (CASL) to take down a command-and-control server located in Toronto, Ontario, as part of a coordinated international effort.
Law enforcement agencies from around the globe have disrupted one of the most widely distributed malware families: Win32/Dorkbot. This malware family has infected more than one million personal computers in over 190 countries. Dorkbot spreads through USB flash drives, instant messaging programs, and social networks. Once a computer becomes compromised, it can be instructed to: steal passwords used for online banking and payments; download and install dangerous malware; and join other infected computers in sending multiple requests to a specific server in the hopes of overwhelming its capacity to respond (known as a distributed denial of service attack).
As part of this investigation, the CRTC is working in close collaboration with its partners, including the Federal Bureau of Investigation, Europol, Interpol, Microsoft Inc., the Royal Canadian Mounted Police (RCMP), Public Safety Canada and the Canadian Cyber Incident Response Centre.
The CRTC will continue to collaborate with its domestic and international partners to aggressively pursue investigations of alleged violations under Canada’s anti-spam legislation (CASL) to protect Canadians from online threats.
Canadians are encouraged to report spam to the Spam Reporting Centre. The information sent to the Centre is used by the CRTC, the Competition Bureau and the Office of the Privacy Commissioner to enforce Canada’s anti-spam law.
The CRTC does not comment on active investigations, nor does it name the individuals or companies under investigation.
Canada’s anti-spam law protects Canadians while ensuring that businesses can continue to compete in the global marketplace.
The CRTC has a number of enforcement tools at its disposal and is using cutting-edge cyber security techniques to prevent and/or investigate alleged violations of Canada’s anti-spam law.
The warrant was granted by a judge of the Ontario Court of Justice and was carried out with assistance from the RCMP.
A botnet is a set of computers that have been compromised through the installation of malware and which can be instructed to send spam, install additional malicious programs and steal passwords, among other illicit activity.
A command-and-control server is the centralized computer that issues commands to a botnet and receives reports back from the co-opted computers.
“We are pleased to work alongside our partners during this investigation to mitigate the harm caused to Canadians and citizens in other countries by Dorkbot. These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud. This operation shows that partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats. I am grateful the RCMP provided assistance in this matter.”
Manon Bombardier, CRTC Chief Compliance and Enforcement Officer