CRTC serves its first-ever warrant under Canada’s anti-spam law

The Canadian Radio-television and Telecommunications Commission (CRTC) announced on Thursday that it has served its first-ever warrant under Canada’s anti-spam law (CASL) to take down a command-and-control server located in Toronto as part of a coordinated international effort.

With this effort, law enforcement agencies from around the globe have disrupted one of the most widely distributed malware families: Win32/Dorkbot, the CRTC said in a statement on Thursday, noting that this malware family has infected more than one million personal computers in over 190 countries.

Win32/Dorkbot spreads through USB flash drives, instant messaging programs and social networks, the CRTC explained in the statement. Once a computer becomes compromised, it can be instructed to: steal passwords used for online banking and payments; download and install dangerous malware; and join other infected computers in sending multiple requests to a specific server in the hopes of overwhelming its capacity to respond (known as a distributed denial of service attack).

Related: Rogers Media Inc. agrees to pay $200,000 for allegedly violating Canada’s anti-spam law

As part of this investigation, the CRTC is working in close collaboration with its partners, including the Federal Bureau of Investigation, Europol, Interpol, Microsoft Inc., the RCMP, Public Safety Canada and the Canadian Cyber Incident Response Centre.

“The CRTC will continue to collaborate with its domestic and international partners to aggressively pursue investigations of alleged violations under Canada’s anti-spam legislation to protect Canadians from online threats,” the statement said.

The CRTC does not comment on active investigations, nor does it name the individuals or companies under investigation. The warrant was granted by a judge of the Ontario Court of Justice and was carried out with the assistance from the RCMP.

“We are pleased to work alongside our partners during this investigation to mitigate the harm caused to Canadians and citizens in other countries by Dorkbot,” CRTC chief compliance and enforcement officer Manon Bombardier said in the statement. “These are very egregious botnets that are used for illicit activities and can lead to identity theft and fraud. This operation shows that partnerships between domestic and international law enforcement agencies are key in the fight against transnational cyber threats.”