In the second such announcement in less than a week, the
Canadian Radio-television and Telecommunications Commission (CRTC)
has publicly announced an advanced
investigative action -- this time against an unnamed
organization suspected of involvement in the distribution the
notorious and widely distributed Win32/Dorkbot malware.
The CRTC announced that, with the assistance of the Royal
Canadian Mounted Police (RCMP), it had served its first-ever
warrant under Canada's Anti-Spam Legislation
(CASL) to "take down" a command-and-control
server located in Toronto, Ontario as part of what the Commission
has characterized as a coordinated international effort.
In a similar announcement last
week, the Commission stated that it had executed an
inspection warrant under the Telecommunications Act to enter and
inspect an unidentified property in Brampton, Ontario, as part of
an ongoing investigation into an illegal telemarketing
In addition to relating to the first warrant issued under CASL,
the most recent announcement is noteworthy because it was part of a
global effort to disrupt distribution and operation of
malware. Software provider Microsoft issued a release indicating that it
had aided law enforcement agencies around the world to help disrupt
the four-year old botnet called Dorkbot. Microsoft said that,
in addition to the CRTC, it worked with security vendor ESET,
the Computer Emergency Response Team Polska, the Department of
Homeland Security's U.S. Computer Emergency Readiness Team,
Europol, the FBI, Interpol, and the RCMP.
Microsoft indicated that the Win32/Dorkbot malware family has
infected more than one million PCs in over 190 countries, making it
one of the most widely distributed malware families. The malware
can be spread to the devices of unsuspecting users through USB
flash drives, instant messaging programs, and social networks. Once
installed, the Dorkbot malware steals user credentials and personal
information, disabling security protection, and distributing
several other prevalent malware families. It has
also been reported that a system infected with Dorkbot
may be used to send spam, or to participate in denial-of-service
The CRTC has a range of investigative powers available under
CASL, including the authority to issue preservation demands and
notices to produce. With judicial authorization, it may
obtain injunctions against suspected offenders and execute search
warrants to enter premises to investigate and verify compliance
with the Act, as well as to seize anything found in the place and
prohibiting or limiting access to all or part of the premises.
The announcement of the execution of a warrant against a malware
distributor will be welcome news for Canadian businesses, as this
most recent investigative and enforcement action by the CRTC is
directly targeted at the most damaging and deceptive types of
online threats, which were intended to be the core focus of
CASL. As noted in previous posts, concerns have been raised
by many businesses in light of an apparent focus to date by the
CRTC on enforcement against legitimate domestic companies for
errors made in attempting to comply with the new law, rather than
targeting intentional bad actors.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).