ALEXANDRIA, Va. (CN) - Microsoft sued a group of hackers who have allegedly stolen millions of dollars from computer users and financial institutions worldwide using malware disguised as the tech giant's Windows software.
Microsoft Corporation and FS-ISAC, Inc., filed a trademark infringement suit in the Eastern District of Virginia against three John Does, who the company alleges have created an illegal network of interconnected computers they have infected with malware and are using for criminal purposes.
The John Does, whose identities the plaintiffs say they will work to ascertain, allegedly infected computers with malicious software and connected those computers in a network called a Ramnit botnet.
A command-and-control infrastructure allows the defendants to use Ramnit to steal millions of dollars from those who use the infected computers, as well as from the financial institutions that service the computer users, the plaintiffs allege in their suit.
"The user is unaware of Ramnit's activity as Defendants have designed Ramnit to hide itself and its unlawful activity on infected computers in part by disabling the security defenses of the user's computer," the complaint says. "The operating system still purports to be Windows, and the browser still purports to be the user's normal browser, be it Internet Explorer, Chrome, Firefox, or other. But in fact, Ramnit has corrupted and thereby converted these products into instruments of fraud aimed directly at the user of the computer."
While disguised on a user's computer, Ramnit is able to capture the user's login details and personal information that allows the defendants to later access the user's bank account, according to the plaintiffs. FS-ISAC is a member organization for the financial services industry that works to detect and respond to cyber security threats, and many of its members have been impacted by Ramnit.
"Defendants have been alarmingly successful in spreading the Ramnit infection to computers around the world," the complaint says. "Since approximately January 2010, Ramnit has been among the most prolifically spread malware infections among the many that are tracked by security experts."
Ramnit can exploit web browsers such as Microsoft Internet Explorer and Mozilla Firefox to intercept communications between computer users and their financial institutions, according to the lawsuit. Ramnit is able to do so by replacing a financial institution's real webpage with a fake Ramnit-controlled page.
When Ramnit does that, it keeps the FS-ISAC member financial institution's trademarks on the fake webpage, which the plaintiffs charge is an infringement of those institutions' trademarks. Ramnit's manipulation of Microsoft's software also degrades the quality of the software and its ability to function.
"Once a computer is infected, the Windows operating system and Internet Explorer browser applications on that computer cease to operate normally and are transformed into tools of deception and theft," the lawsuit states. "But Windows and Internet Explorer still bear Microsoft's trademarks. Customers who experience degraded performance of Microsoft's products may attribute such poor performance to Microsoft, causing extreme damage to Microsoft's brands and trademarks and the goodwill associated therewith."
Microsoft and FS-ISAC have brought their action under the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act and the Lanham Act, and they seek injunctive relief to halt the defendants' criminal activities.
The plaintiffs are represented by David B. Smith, Gabriel M. Ramsey, Jacob M. Heath, Robert L. Uriarte, Jeffrey L. Cox and Richard Domingues Boscovich.