Microsoft Sues Malware Operators for Trademark Infringement


Microsoft has filed a complaint against John Does 1-2 for creating and utilizing “Necurs Botnet,” a “global network of interconnected computers.” Necurs “is an extremely scaled infrastructure capable of sending a massive volume of spam and is one of the largest bodies of infrastructure in the spam email threat ecosystem. To date, Necurs has infected at least 9 million victim computers.”

The complaint was filed in the New York Eastern District Court. Microsoft is represented by Crowell & Moring, as well as corporate counsel. Microsoft alleges that the unknown defendants have violated the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act. Additionally, the plaintiffs have alleged trademark infringement and dilution under the Lanham Act, “common law trespass to chattels,” conversion, unfair competition, and unjust enrichment.

Necurs Botnet is composed of computers with internet access that have been infected with malware, “including banking Trojans, spamware, and ransomware.” Microsoft has alleged that the defendants will continue their illegal actions unless ordered to stop. Defendants have stolen personal and financial information and funds from victims.

“A ‘botnet’ is a collection of individual computing devices infected with malware that allows communication among those computing devices and centralized or decentralized communication with server computers providing control instructions.” Further, “[i]n each instance where a Necurs malware is downloaded and successfully executed on the user’s computing device, it causes that device to become part of the Necurs botnet. Once part of the botnet, the user’s computing device is capable of sending and receiving communications, code, and instructions to and from other botnet computers.” Botnets are responsible for “many illegal activities because botnets support a wide range of illegal conduct, are difficult for security experts to disable or eradicate, and use a variety of networks and firewalls to conceal the identities of the malefactors controlling them.” They are often used to access personal and financial information to be used for theft or fraud.

Microsoft states that once Necurs is on a computer system, it “utilizes its kernel mode rootkit capabilities to disable a large number of security applications, including Windows Firewall, to protect itself and other malware on the infected system.” Then it performs additional steps to have the infected device join the botnet; however, Necurs is designed to hide as it performs illegal activity and infects devices. Users believe that they are protected with Microsoft’s Windows; however, the botnet disables the operating system’s security measures. Microsoft claims that “[t]he operating system still purports to be Windows, but, in fact, Necurs has corrupted and thereby converted the Windows operating system into instruments of fraud aimed directly at the user of the computing device.” Users are often unaware that this has occurred and that their information has been stolen. The malware in the infected devices will work to infect other devices. Necurs’ malware is “designed to attack computing devices running Microsoft Windows operating systems and may themselves be connected to other criminal botnet infrastructure beyond Necurs receiving additional commands.”

Microsoft has claimed harm to itself, its customers and the public through infecting and damaging devices and devices operating with Microsoft Windows. Damages also include “degrading the integrity of the computers and the operating system, intruding into those devices, disabling some of those systems’ antivirus software, and carrying out malicious actions from those computers directed toward the owners of those computers.”

After a device is infected with Necurs’ malware, it does not operate normally and becomes part of the botnet. Consequently, Microsoft states that this deceives and misleads its customers; it damages Microsoft’s reputation, brand, and trademarks. Customers with an infected device may “attribute such poor performance to Microsoft, causing extreme damage to Microsoft’s brands and trademarks and goodwill associated therewith.” Microsoft has also had to use significant resources to counter this botnet, such as cleaning devices, investigating the source and ways to remediate issues, and upgrading security features, in addition to the harm caused to customers, especially financial damages. Additionally, Necurs will infringe on Microsoft’s trademark to confuse customers into believing that the installed software legitimately comes from Microsoft, when it is in fact malware.

The court has jurisdiction because the allegations arise out of violations of the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Lanham Act. Microsoft has sought an injunction and equitable relief, an award of damages, and an order prohibiting Defendants from engaging in said activities.