Microsoft announced legal action Monday seeking to disrupt the cybercrime digital network known as Trickbot, which is seen as a major threat to the US presidential election, per the AP. The Washington Post calls it one of the world's biggest botnets, one with the potential to gum up state and local computer systems that handle election results. The operation to knock command-and-control servers for the botnet offline was initiated with a court order Microsoft obtained in Virginia federal court on Oct. 6. Microsoft argued that the crime network is abusing its trademark, and the company plans to use the court order to persuade internet providers to take down the botnet servers. Created in 2016 and used by a loose consortium of Russian-speaking cybercriminals, Trickbot is a digital superstructure for sowing malware in the computers of unwitting individuals and websites. The network uses more than 1 million such zombie computers to loot bank accounts and spread ransomware.
In recent months, its operators have been increasingly renting it out to other criminals who have used it to sow ransomware, which encrypts data on target networks—crippling them until the victims pay up. One of the biggest reported victims of ransomware sowed by Trickbot was the hospital chain Universal Health Services, which said all 250 of its US facilities were hobbled in an attack last month that forced doctors and nurses to resort to paper and pencil. “It is very hard to tell how effective it will be but we are confident it will have a very long-lasting effect,” said Jean-Ian Boutin, head of threat research at ESET, one of several cybersecurity firms that partnered with Microsoft to map the command-and-control servers. But Paul Vixie of Farsight Security said that "experience tells me it won’t scale—there are too many IP’s behind uncooperative national borders."
(Read more botnet