Share

Top 5 Stories

News

Microsoft to distribute botnet intelligence to governments, industry

12 January 2012

Microsoft is testing a new service to distribute threat data captured from botnets and other sources to governments, law enforcement, computer emergency response teams, and companies.

Microsoft representatives told the International Conference on Cyber Security being held this week in New York that the company plans to provide intelligence feeds using the data it collects from captured botnets, such as Kelihos and Rustock, to government and industry partners, according to a report by Kaspersky Lab’s Threat Post.

The Redmond, Wash., firm has been beta testing the system internally in recent months. The system is a 70-node cluster running the Apache Hadoop framework on top of a Windows server, the report said.

The data includes IP addresses of Kelihos infected systems complemented by other data such as autonomous system numbers and reputation data provided by Microsoft's smart data network services.

Microsoft collects the data by leveraging its Internet infrastructure, including a load-balanced, 80gb/second global network, by pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity, and effectively taking them offline, the report said.

Microsoft anticipates being able to offer three real-time feeds, which third parties could access using application program interfaces provided by the company.

Governments and companies could use the data to look for malware infections that often accompany botnet infections or correlate data on botnet hosts with data on click fraud and other scams, the report said.
 

This article is featured in:
Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security  •  Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×