Microsoft embarks on blocking the infamous malware 'TrickBot' for presidential election



Amid concerns about the impact of malware and ransomware on the US presidential election in November 2020, Microsoft has announced that it collaborated with many tech companies to take action to thwart the malware called 'TrickBot.'

New action to combat ransomware ahead of US elections --Microsoft on the Issues
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/

Microsoft and others orchestrate takedown of TrickBot botnet | ZDNet
https://www.zdnet.com/article/microsoft-and-other-tech-companies-orchestrate-takedown-of-trickbot-botnet/

The 2020 presidential election faces the threat of interference from cyberspace: Microsoft has reported that the election is under cyber attack from hacker organizations in Russia, China and Iran. Microsoft also points out that ransomware can be used to create confusion and distrust by attacking voter rosters and the election infrastructure that reports ballot counting results.

Microsoft reports that 'Presidential elections are being cyber-attacked by hacker organizations in Russia, China and Iran' --GIGAZINE



Microsoft therefore worked with FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, Symantec, a division of Broadcom (Symantec Endpoint Protection), and others, and set out to stop 'TrickBot', malware that forms one of the world's most notorious botnets and is also used to distribute ransomware.

TrickBot is Trojan horse malware that steals bank account information, email accounts, system and network information, and more. In addition, it can install a backdoor on an infected system so that the system becomes part of a botnet, and it can be used to install other malware or ransomware.

Introduced in 2016, TrickBot is malware that primarily targets Windows devices, and at the time of writing it is estimated to have infected more than 1 million computers and IoT devices worldwide. Microsoft has pointed out that in recent years TrickBot operators have been spreading the infection by planting TrickBot in documents and links disguised as material on topics such as the new coronavirus infection (COVID-19) and the Black Lives Matter movement.



To shut down TrickBot, Microsoft asked the United States District Court for the Eastern District of Virginia for a court order to shut down the TrickBot servers. In a legal document, Microsoft claims that TrickBot is destroying Windows products, causing extreme damage to Microsoft's brand. It also alleges that 'TrickBot is abusing Microsoft's software code and infringing copyright.'

Over several months, Microsoft worked with partners to collect and analyze more than 120,000 TrickBot samples and the servers that issued commands to TrickBot-infected computers. With the court's approval in October 2020, Microsoft worked with Internet service providers (ISPs) and cyber security teams around the world to take actions such as suspending the IP addresses of the TrickBot servers, blocking access to content on the servers, and stopping services to the botnet operators.

Although this move is believed to have caused confusion for TrickBot operators, Microsoft believes the operators will try to bring TrickBot operations back. 'We will work with our partners to monitor their activity and take additional legal and technical steps to stop TrickBot,' Microsoft said.

U.S. Cyber Command is also known to have been sabotaging TrickBot a few days before Microsoft broke the botnet infrastructure.

Report: US Cyber Command Behind Trickbot Tricks — Krebs on Security
https://krebsonsecurity.com/2020/10/report-us-cyber-command-behind-trickbot-tricks/



in Software, Security, Posted by log1h_ik