Microsoft (MSFT) has brought the considerable weight of its Windows Azure cloud computing platform into its fight against botnet malware intrusions with a new program geared to better inform cybercrime fighting organizations of real and potential threats.
Botnets are networks of malware-infected, Internet-connected computers, more likely than not running the Windows operating system, that can number in the hundreds or thousands and be marshalled as a digital army for attacking email, launching denial-of-service attacks or carrying out more insidious intrusions.
Earlier this week, the company disclosed its new Azure-based Cyber Threat Intelligence Program (C-TIP), a cloud-based extension of its Microsoft Active Response for Security (MARS) program initially rolled out in 2010. With MARS, Microsoft uses email to share intelligence from its anti-botnet operations with ISPs and Computer Emergency Response Teams (CERTs) worldwide. Some 44 organizations in 38 countries receive threat intelligence emails from Microsoft.
Now, however, by leveraging its substantial cloud resources, Microsoft can deliver information on botnet malware infections to ISPs and CERTs far closer to real time, according to TJ Campana, Microsoft Digital Crimes Unit security director, writing in a Microsoft for Public Safety & National Security blog post.
“The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) will allow these organizations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers,” he wrote.
“All too often, computer owners, especially those who may not be using up-to-date, legitimate software and anti-malware protection, unwittingly fall victim to cybercriminals using malicious software to secretly enlist their computers into an army of infected computers known as a botnet, which can then be used by cybercriminals for a wide variety of attacks online,” wrote Campana.
Early adopters of the C-TIP program include the Spanish CERT INTECO, along with Luxembourg's CIRCL and govCERT. Localized threat intelligence is delivered to those organizations’ private clouds through Azure every 30 seconds, according to Campana. “Participation in this system allows these organizations almost instant access to threat data generated from previous as well as future MARS operations,” he said.
“Every day our system receives hundreds of millions of attempted check-ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital,” said Campana. “This data provides valuable information that can be used by ISPs and CERTs to notify victims and help them regain control of their computers.”
Leveraging Azure to share threat intelligence in near real time should boost Microsoft’s efforts to clean computers of malware, and, in so doing, help it to keep pace with cybercrime, said Campana. And, by relieving botnet cybercrooks of infected computers, Microsoft reasons it may be able to force them to “spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place,” he said.