Microsoft prepares botnet intelligence feed

Microsoft is to offer a real-time intelligence feed of botnet and e-crime data to public and private sector subscribers, according to security company Kaspersky.

Data from networks of compromised computers will be among the information on offer to ISPs, CERTs, government agencies and private companies, Kaspersky said in a blog post on Wednesday. The data will be tailored to customer needs, the security company said.

"Microsoft collects the data by leveraging its huge internet infrastructure, including a load-balanced, 80Gb/second global network, to swallow botnets whole — pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity and effectively taking them offline," said Kaspersky.

Data sources open to Microsoft include information from the Kelihos, Waldec, and Rustock botnets, said Kaspersky. Microsoft Digital Crimes Unit (MDCU) is in the process of beta testing the intelligence system, a 70-node cluster running the Apache Hadoop framework on top of Windows Server.

A number of organisations, including the UK government, have called for greater data-sharing to combat e-crime.

Microsoft had not responded to a request for comment at the time of writing.