On December 3, 2015, the Canadian Radio-television and Telecommunications Commission (CRTC) announced its first execution of a warrant issued under Canada’s Anti-Spam Legislation (CASL). The warrant was executed in the takedown of a Toronto-based command-and-control server responsible for the widely distributed Win32/Dorkbot malware family. The takedown was a coordinated effort from the Royal Canadian Mounted Police, the US Federal Bureau of Investigation, Interpol, Europol, and Microsoft, among others.
Enacted in July, 2014, CASL provides for the issuance of warrants to the CRTC if necessary in order to (i) verify compliance with CASL; (ii) determine contravention of certain CASL provisions; or (iii) assist in the investigation of contraventions of similar foreign state laws. In January, 2015, provisions of CASL came into effect prohibiting the installation of software, including malware, on an individual’s computer without consent.
Dorkbot has infected over one million computers in over 190 countries. The malware compromises computers in multiple ways and has been associated with theft of online banking passwords and the downloading and installation of other harmful malware.