Microsoft shifts botnet alert system to private Azure clouds

Summary: Private clouds replace email in Microsoft's war on botnets.

Microsoft is moving its cyberthreat intelligence-sharing program to a series of private clouds hosted on Azure, providing ISPs and security teams near real-time information on malware infections.

The Azure-based Cyber Threat Intelligence Program (C-TIP) will provide computer emergency response teams (CERTs) and ISPs with data on infected PCs updated every 30 seconds, TJ Campagna, director of security at Microsoft’s Digital Crimes Unit (DCU), wrote in a blog post on Tuesday.

C-TIP is part of Microsoft's Project MARS, an initiative that oversees the legal and technical botnet takedown efforts from Microsoft's Digital Crimes Unit, Trustworthy Computing, Malware Protection Centre and customer support services. Recent botnet scalps include Waledac, Rustock and Kelihos, which Microsoft had taken down after filing civil complaints against "John Does" to secure a court order to shut down command and control domains.

The new platform is an "evolution" of the C-TIP launched in 2010, which currently shares threat information with 44 organisations in 38 countries by email.

The new cloud-based system will provide not only faster updates on current threats but also information on Microsoft’s previous MARS initiatives, according to Campagna.

"All the information is uploaded directly to each organisation's private cloud through Windows Azure. Participation in this system allows these organisations almost instant access to threat data generated from previous as well as future MARS operations," he wrote.

Early adopters included Spain's and Luxembourg's CERTs, and momentum was growing for the new system, Campagna said.

"Every day our system receives hundreds of millions of attempted check ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital. This data provides valuable information that can be used by ISPs and CERTs to notify victims and help them regain control of their computers."

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...