Microsoft lawyers and technical employees "gathered evidence and deactivated Web servers ostensibly used by criminals in a scheme to infect computers and steal personal data. At the same time, Microsoft seized control of hundreds of Web addresses that it says were used as part of the same scheme." The Microsoft personnel had obtained a warrant from a federal judge to conduct the sweep, which was part of a civil lawsuit brought by Microsoft targeting equipment used to control the botnets.
Microsoft argues that the individuals behind the botnets are violating Microsoft trademarks through their fake e-mails.
Mr. Boscovich said the Friday sweep was meant to send a message to the criminals behind the scheme, whose identities are unknown. “We’re letting them know we’re looking at them,” said Mr. Boscovich after participating in the Pennsylvania raid, in Scranton.
Before Friday’s sweep, Microsoft attacked three botnets in the last couple of years through civil suits. In each case, Microsoft obtained court orders that permitted it to seize Web addresses and computers associated with the botnets without first notifying the owners of the property. The secrecy was necessary, Microsoft argued, to prevent criminals from re-establishing new communications links to their infected computers.
The Times quoted some security experts as deeming Microsoft's approach effective in fighting botnets. Richard Perlotto, of Shadowserver Foundation, which tracks tools used for online fraud and computer crime, pointed out that the activity is not a replacement for law enforcement action. Microsoft's Richard Boscovich equated the effort with a neighborhood watch program.