On Friday, armed with a federal warrant and backed by U.S. Marshals, Microsoft employees raided web hosting centers in Scranton, Pennsylvania and Lombard, Illinois to seize servers and take possession of hundreds of Internet domain names. The actions were part of a global legal effort by Microsoft and partners to go directly after botnets through civil lawsuits.

The servers and the domains hosted on them were allegedly being used to spread multiple Zeus botnets and collect key-logging data from infected computers, a Microsoft spokesperson said in a statement on Sunday. Microsoft and its partners in the effort—the Financial Services - Information Sharing and Analysis Center (FS-ISAC) and NACHA—obtained warrants for the seizures through a federal lawsuit based in part on the Racketeer Influenced and Corrupt Organizations (RICO) Act.

In the suit, the organizations claimed that the phishing e-mails used to spread the botnet infringed on their trademarks and intellectual property. When recipients clicked on the links in the messages, the sites downloaded malware based on the Zeus botnet that could be used to take control of computers and steal personal data—including passwords and financial information—by recording what users typed.

The effort, called Operation b71, is the second time Microsoft has gone after botnet operations on its own rather than waiting for law enforcement to take action. Last March, Microsoft's Operation b107 took down the Ruckstock botnet. But b71 is the first time that Microsoft has gotten other organizations to join as plaintiffs in the civil suits used to after a botnet operator, and used RICO as a legal instrument to go after botnet operators. It's also the first time Microsoft has simultaneously moved against multiple botnets in a single seizure operation.