In March, Microsoft announced that it had made efforts to shut down servers in two unnamed locations that allegedly had "command and control" operations for botnets that used the Zeus, SpyEye and Ice-IX variants of the Zeus malware family. Now it appears that Microsoft is using email records to go after a number of people suspected of running the botnets. To do so, Microsoft is apparently sending legal notices to email providers, including Google.
The Krebs on Security website reports, via unnamed sources, that a message sent to one Google account holder involved in the botnet case stated:
Google has received a subpoena for information related to your Google account in a case entitled Microsoft Corp., FS-ISAC, Inc. and NACHA v. John Does 1-39 et al., US District Court, Northern District of California, 1:12-cv-01335 (SJ-RLM) (Internal Ref. No. 224623).
To comply with the law, unless you provide us with a copy of a motion to quash the subpoena (or other formal objection filed in court) via email at firstname.lastname@example.org by 5pm Pacific Time on May 22, 2012, Google may provide responsive documents on this date.
The story also claims that a number of security groups have been critical of Microsoft's actions to stop botnets such as the Zeus variant, arguing that the company is not working enough with other security companies or law enforcement authorities on these kinds of operations. Marcia Hofmann, an attorney with the Electronic Frontier Foundation, states:
I suspect this is a situation where Microsoft feels law enforcement isn’t moving quickly enough. But it also basically compromises law enforcement’s ability to do anything about the problem, and makes it possible for the suspects to evade any sort of law enforcement action.