Microsoft will use its Windows Azure cloud infrastructure to increase the speed with which it shares data on malware infections and ongoing attacks with ISPs and computer emergency response teams.
Microsoft said on Tuesday that its new Cyber Threat Intelligence Program (C-TIP) will speed data delivery to near real time, giving ISPs and computer emergency response teams, or CERTs, the ability to address infections on corporate systems or notify customers with malware-laden systems. Microsoft, based in Redmond, Wash., currently shares information with 44 organizations through a threat intelligence email. Early adopters under the new C-TIP program will receive updated threat data related to infected computers in their specific country or network every 30 seconds.
"While our cleanup efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape," wrote TJ Campana, director of security in the Microsoft Digital Crimes Unit, on a Microsoft blog.
Microsoft has been actively sharing data it collects as part of Project MARS, the Microsoft Active Response for Security program. The program, which started in 2010, attempts to disrupt botnets by taking legal action to seize known botnet command and control servers. Once the servers are seized, data is collected on the army of infected computers that make up the global botnet.
"These infected computers continue to try to check into the botnet command for instructions until they are cleaned of the malware," Campana wrote. "Every day our system receives hundreds of millions of attempted check-ins from computers infected with malware."
Microsoft and other security firms have disrupted six botnets in the past three years. Symantec partnered with the software maker to disrupt the Bamital botnet in February, the crime unit's latest action. That botnet was tied to 8 million malware-infected computers. Bamital defrauded online advertising networks and redirected victims to malicious websites.
Microsoft also took court action to seize the Zeus command and control servers. The botnet contained 13 million computers infected with the Zeus Trojan, including 3 million computers in the U.S. Despite these disruptions, botnets often regain strength. Zeus, the notorious banking Trojan, continues to be a serious problem in the financial industry.
Microsoft used the court system to disrupt Waledac, a spam botnet that security experts said was responsible for an estimated 1 billion spam messages a day. The Nitol, Kelihos and Rustock botnets were also disrupted through legal action.
PUBLISHED MAY 29, 2013