Microsoft moving bot-busting fight to the cloud

Instead of providing daily emails on botnet activity, Microsoft is turning to the cloud to provide near-real-time updates to ISPs

By Mark Hachman, PC World |  Security, Microsoft

Microsoft has moved its botnet-fighting capabilities to the cloud, a step that will make its response teams both faster and more effective in fighting hijacked PCs.

Microsoft launched its Microsoft Active Response for Security (MARS) program in 2010, relying on a series of daily emails to ISPs and other clients to warn them about the networks of hijacked PCs, known as botnets, operating within their borders.

Now, Microsoft's new effort, dubbed the Cyber Threat Intelligence Program (C-TIP), taps the Microsoft Azure cloud to send updates as frequently as every 30 seconds, providing near-real-time threat intelligence to its clients. All the information is uploaded directly to each organization's private cloud via Azure, Microsoft said. 

Botnets are typically formed when hackers exploit vulnerabilities in a number of different computers, via a Trojan, an infected Web site, or a phishing attack. The "zombie" PCs are then networked together and ordered about by a command-and-control server or servers. The botnet can then be used for anything from distributed denial-of-service attacks and distributing malware to "clickjacking," such as the automated clicking of ads that the "Chameleon" botnet recently exploited to the tune of an estimated $6 million per month.

The automated Microsoft services can be used to quickly inform ISPs which of the PCs on their network may be part of a botnet, so their Internet access can be shut off or monitored.

"While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape," TJ Campana, director of security for Microsoft's Digital Crimes Unit, said in a statement. "It also gives us another advantage: Cybercriminals rely on infected computers to exponentially leverage their ability to commit their crimes, but if we're able to take those resources away from them, they'll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place."

Microsoft said it will provide its C-TIP services to ISPs and Computer Emergency Response Teams around the globe. So far, two CERTs have signed up: Spain's CERT, known as INTECO; plus a pair of CERTs in Luxembourg, known as CIRCL and govCERT. Microsoft already sends its daily emails to 44 organizations in 38 countries, the company said, and hopes to transition the remainder over to the C-TIP program as soon as possible. 

Originally published on PC World.