Microsoft Takes on Shylock Botnets

     ALEXANDRIA, Va. (CN) - Microsoft sued the unknown operates of the Shylock botnets, a nefarious network of virus-infected computers allegedly used to steal millions of dollars from under the noses of PC users.
     Microsoft's federal racketeering complaint names eight John Doe botnet operators that the company says can likely be contacted through third parties.
     According to the complaint, the Shylock botnet system is a global network of interconnected illegal computer networks comprised of computers connected to the Internet that the defendants have infected with malicious software.
     "Defendants have used the Shylock botnets to infect computers on the Internet that defendants then use to steal millions of dollars," the complaint states.
     Microsoft paints a frightening picture of what the botnets can do, from sending bulk email from an infected computer to outright stealing a user's banking information.
     "Defendants use the Shylock botnets primarily to gain access to account credentials for online banking websites to steal - among other things - funds from computer users and financial institutions," the complaint states. "When a user of a Shylock-infected computer attempts to log onto a financial institution's website, Shylock (a) secretly hijacks the user's web browser, (b) captures the user's online financial login credentials and other personal identifying information, and (c) sends that information to defendants."
     The complaint adds: "The user is unaware of Shylock's activity, as defendants have designed Shylock to hide itself and its unlawful activity on infected computers. After Shylock captures the user's login credentials and personal indentifying information, defendants use that information, for example, to access the user's bank account."
     That's not all these viruses can do, Microsoft says.
     It claims the hackers can set up websites that copycat the websites of a user's bank, so that when a Shylock-infected user logs onto her bank's site to monitor her account, she's given false information concealing the digital pillaging of her cash.
     Microsoft says these bogus websites illegally use trademarks from the banks they're ripping off.
     "Shylock is specifically designed to allow defendants to conduct this malicious activity without revealing any evidence of the fraud to the user, Microsoft, the financial institutions or other victim websites until it is too late for the user or owners of these websites to regain control over funds or stolen information," the complaint states. "For example, to avoid alerting the user to the activity being conducted remotely via their own computer, Shylock has a command to turn off any sounds (e.g., beeps or clicks) that the user's computer might otherwise make while being operated remotely. Many aspects of the information gathering and the attacks can be automated by the botnet operator so that the bot code running on each user computer can advance the theft autonomously."
     Microsoft seeks disgorgement and damages from the eight Shylock operators criminal RICO charges, trademark infringement, unjust enrichment and computer crimes.
     It also seeks an injunction "giving Microsoft control over the domains, IP addresses, and phone numbers used by defendants to cause injury and enjoining defendants from using such instrumentalities."
     Microsoft is represented by Lauren Parker of Orrick, Herrington & Sutcliffe, in Washington, D.C.