Inside Microsoft botnet takedowns

By , Network World |  Security, botnets, Microsoft

When Microsoft took extraordinary steps earlier this month to disrupt the Nitol botnet, it was the fifth time its Digital Crimes Unit had taken action against such threats, each time expanding its technical and legal toolkit for making it harder and more expensive to run cybercrime enterprises.

Using a creative interpretation of some common law precedents as well as the U.S. Computer Fraud and Abuse Act, the DCU won a court order granting Microsoft control over an entire Internet domain to which it had traced the command and control servers that rode herd over the botnet.

The company then used new technology from partner firm Nominum to disable only those subdomains proven to harbor malicious activities, leaving the rest to function unmolested.
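The selective disabling described above amounts to a DNS policy: the seized domain's authoritative answers are controlled, subdomains proven malicious are answered with a sinkhole address, and every other name under the domain keeps resolving to its legitimate records. The model below is an added example and is not Nominum's or Microsoft's code; the zone name, the block list, the record data and the queries are all constructed, and the sinkhole address comes from the RFC 5737 documentation range. It goes slightly beyond the article by handling the edge cases a practitioner hits in practice: case-insensitive names, trailing dots, and blocking a whole subtree rather than one exact label.

```python
"""Model of selective subdomain sinkholing under a seized domain (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address, a constructed value


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot; fold both away."""
    return name.rstrip(".").lower()


@dataclass
class SelectiveSinkhole:
    seized_zone: str                                        # the domain the court order covers
    blocked: Set[str] = field(default_factory=set)          # exact names proven malicious
    wildcard: Set[str] = field(default_factory=set)         # names whose whole subtree is blocked
    passthrough: Dict[str, str] = field(default_factory=dict)  # legitimate records, left untouched
    hits: Dict[str, int] = field(default_factory=dict)      # sinkholed query counts, for reporting

    def __post_init__(self) -> None:
        self.seized_zone = normalize(self.seized_zone)
        self.blocked = {normalize(n) for n in self.blocked}
        self.wildcard = {normalize(n) for n in self.wildcard}
        self.passthrough = {normalize(k): v for k, v in self.passthrough.items()}

    def in_zone(self, name: str) -> bool:
        """True if the name is the seized domain itself or lies beneath it."""
        return name == self.seized_zone or name.endswith("." + self.seized_zone)

    def is_blocked(self, name: str) -> bool:
        """Exact-match block list first, then subtree (wildcard) blocks."""
        if name in self.blocked:
            return True
        return any(name == w or name.endswith("." + w) for w in self.wildcard)

    def resolve(self, qname: str) -> Optional[str]:
        """Return the A record to answer, or None for NXDOMAIN / a name outside the order's scope."""
        name = normalize(qname)
        if not self.in_zone(name):
            return None  # a real resolver would recurse here; outside the seized zone
        if self.is_blocked(name):
            self.hits[name] = self.hits.get(name, 0) + 1
            return SINKHOLE_IP
        return self.passthrough.get(name)  # legitimate record, or NXDOMAIN if unknown

    def report(self) -> Dict[str, int]:
        """Sinkhole hit counts, most-queried first; the data a takedown team reports on."""
        return dict(sorted(self.hits.items(), key=lambda kv: (-kv[1], kv[0])))


def build_sample() -> SelectiveSinkhole:
    """Constructed zone: one legitimate site, one exact malicious host, one blocked subtree."""
    return SelectiveSinkhole(
        seized_zone="seized-example.test",
        blocked={"c2.seized-example.test"},
        wildcard={"bad.seized-example.test"},
        passthrough={"www.seized-example.test": "198.51.100.10"},
    )


def run_sample() -> Dict[str, int]:
    """Replay constructed queries through the policy and return the sinkhole report."""
    policy = build_sample()
    queries = [
        "www.seized-example.test",      # legitimate, keeps its real address
        "C2.seized-example.test.",      # exact block, case and trailing dot folded
        "x.bad.seized-example.test",    # inside a blocked subtree
        "c2.seized-example.test",       # same host again
        "unknown.seized-example.test",  # in zone, no record: NXDOMAIN
        "example.org",                  # outside the order's scope entirely
    ]
    for q in queries:
        print(f"{q:32} -> {policy.resolve(q)}")
    return policy.report()


if __name__ == "__main__":
    print(run_sample())
```

The block list is applied to the query name before any record lookup, so a malicious host is sinkholed even when it shares a parent with legitimate names, while names under the seized domain that are not on the list are answered from the ordinary record data.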

While the effort doesn't guarantee the demise of Nitol, it does make things more difficult for the people behind it, and it serves notice to other criminals that Microsoft might strike them at any time, says Richard Boscovich, assistant general counsel for the DCU.

All the DCU's efforts are intended to make it more expensive for criminals to run their enterprises and to add risk when they do, he says. By increasing the cost of doing business, he hopes there will be less crime. Each time criminals suffer a setback, it takes them more time and money to create more sophisticated code in order to stay in business. And since not everyone has the talent, fewer people will be able to do it, and it will cost more.

The DCU has just 11 members or so, augmented by tapping the resources of other departments within Microsoft as well as technology partners, universities and CERTs throughout the world with which it pieces together teams devoted to each assault against Internet criminals, says TJ Campana, the director of DCU.

Originally published on Network World.