Microsoft botnet-hunting tool helps bust hackers
Botnet fighters have another tool in their arsenal, thanks to Microsoft.
The software vendor is giving law enforcers access to a special tool that keeps
tabs on botnets, using data compiled from the 450 million computer users who
have installed the Malicious Software Removal tool that ships with Windows.
Although Microsoft is reluctant to give out details on its botnet buster --
the company said that even revealing its name could give cyber criminals a clue
on how to thwart it -- company executives discussed it at a closed door conference
held for law enforcement professionals Monday. The tool includes data and software
that helps law enforcers get a better picture of the data being provided by
Microsoft's users, said Tim Cranton, associate general counsel with Microsoft's
World Wide Internet Safety Programs. "I think of it ... as botnet intelligence,"
he said.
Microsoft security experts analyze samples of malicious code to capture a snapshot
of what is happening on the botnet network, which can then be used by law enforcers,
Cranton said. "They can actually get into the software code and say, 'Here's
information on how it's being controlled.'"
Botnets are networks of hacked computers that can be used, almost like a supercomputer,
to send spam or attack servers on the Internet. They have been on Microsoft's
radar for about four years, ever since the company identified them as a significant
emerging threat. In fact, the software vendor has held seven closed-door botnet
conferences for law enforcement officials over the years, including an inaugural
event in Lyon, France, hosted by Interpol, Cranton said.
Microsoft had not previously talked about its botnet tool, but it turns out
that it was used by police in Canada to make a high-profile bust earlier this
year.
In February, the Sûreté du Québec used Microsoft's botnet-buster
to break up a network that had infected nearly 500,000 computers in 110 countries,
according to Captain Frederick Gaudreau, who heads up the provincial police
force's cybercrime unit.
The case illustrates how useful Microsoft's software and data can be.
After monitoring hacker chat rooms and interviewing sources, Quebec police
had suspects in their case. But what they didn't have was a clear link showing
who was actually controlling the botnets. Because botnets usually get their
instructions from other hacked computers, it can be hard to connect the dots
in a case like this. "We knew that those people were really active and
what we needed to really charge them was to do deeper intelligence, and to know
how they were using those botnets," he said.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
