Microsoft shifts botnet alert system to private Azure clouds

Summary: Private clouds replace email in Microsoft's war on botnets.


Microsoft is moving its cyberthreat intelligence-sharing program to a series of private clouds hosted on Azure, providing ISPs and security teams near real-time information on malware infections.

The Azure-based Cyber Threat Intelligence Program (C-TIP) will provide computer emergency response teams (CERTs) and ISPs with data on infected PCs updated every 30 seconds, TJ Campagna, director of security at Microsoft's Digital Crimes Unit (DCU), wrote in a blog post on Tuesday.

C-TIP is part of Microsoft's Project MARS, an initiative that oversees the legal and technical botnet takedown efforts of Microsoft's Digital Crimes Unit, Trustworthy Computing, Malware Protection Centre and customer support services. Recent botnet scalps include Waledac, Rustock and Kelihos, which Microsoft took down after filing civil complaints against "John Does" to secure court orders shutting down command-and-control domains.

The new platform is an "evolution" of the C-TIP launched in 2010, which currently shares threat information with 44 organisations in 38 countries by email.

According to Campagna, the new cloud-based system will not only provide faster updates on current threats but also information on Microsoft's previous MARS initiatives.

"All the information is uploaded directly to each organisation's private cloud through Windows Azure. Participation in this system allows these organisations almost instant access to threat data generated from previous as well as future MARS operations," he wrote.

Early adopters included Spain's and Luxembourg's CERTs, and momentum was growing for the new system, Campagna said.

"Every day our system receives hundreds of millions of attempted check ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital. This data provides valuable information that can be used by ISPs and CERTs to notify victims and help them regain control of their computers."
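The quote above describes the data flow but not what a CERT or ISP does with it once it lands in their cloud. The following is an added illustration, not code from the article or from Microsoft's C-TIP, of the consumer side: it parses a constructed sinkhole check-in feed (timestamp, victim source IP, malware family, a format assumed here for illustration), attributes each victim to a participating ISP by longest-prefix match against a constructed prefix table standing in for a real BGP/WHOIS lookup, collapses repeated beacons from the same host into one notification entry, and counts distinct infected hosts per 30-second window to match the feed's update cadence.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample feed (not real data). Each record: UTC timestamp,
# source IP of the infected host, malware family whose C&C the sinkhole
# impersonates. The last line is deliberately malformed to exercise parsing.
SAMPLE_CHECKINS = """\
2013-04-23T10:00:00Z 203.0.113.17 Conficker
2013-04-23T10:00:05Z 203.0.113.17 Conficker
2013-04-23T10:00:09Z 198.51.100.200 Zeus
2013-04-23T10:00:20Z 203.0.113.42 Waledac
2013-04-23T10:00:31Z 198.51.100.200 Zeus
2013-04-23T10:00:40Z 192.0.2.9 Nitol
not-a-valid-record
"""

# Constructed prefix-to-participant table (hypothetical names). A real
# deployment would derive this from routing or WHOIS data.
ISP_PREFIXES = {
    ipaddress.ip_network("203.0.113.0/24"): "ExampleNet (CERT-A)",
    ipaddress.ip_network("198.51.100.0/24"): "SampleCom (CERT-B)",
    ipaddress.ip_network("198.51.100.128/25"): "SampleCom-East (CERT-B)",
}


def parse_checkin(line):
    """Parse one 'timestamp ip family' record; return None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts, ip, family = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return when, addr, family


def attribute_isp(addr):
    """Longest-prefix match of a victim address against the participant table."""
    addr = ipaddress.ip_address(addr)
    best = None
    for net, isp in ISP_PREFIXES.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, isp)
    return best[1] if best else "unattributed"


def build_notifications(text):
    """Group check-ins into per-ISP batches, one entry per (host, family).

    Returns (batches, malformed_count) where batches maps ISP name to
    {(ip, family): {"first_seen", "last_seen", "checkins"}}. Repeated beacons
    from one host are merged so the ISP gets one victim entry, not one per beacon.
    """
    batches = defaultdict(dict)
    malformed = 0
    for line in text.splitlines():
        rec = parse_checkin(line)
        if rec is None:
            malformed += 1
            continue
        when, addr, family = rec
        key = (str(addr), family)
        entry = batches[attribute_isp(addr)].setdefault(
            key, {"first_seen": when, "last_seen": when, "checkins": 0})
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        entry["checkins"] += 1
    return dict(batches), malformed


def hosts_per_window(text, window_seconds=30):
    """Count distinct infected hosts per fixed window (the feed's 30-second cadence)."""
    seen = defaultdict(set)
    for line in text.splitlines():
        rec = parse_checkin(line)
        if rec is None:
            continue
        when, addr, _ = rec
        start = int(when.timestamp()) // window_seconds * window_seconds
        label = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        seen[label].add(str(addr))
    return {w: len(hosts) for w, hosts in sorted(seen.items())}


if __name__ == "__main__":
    batches, bad = build_notifications(SAMPLE_CHECKINS)
    for isp, victims in batches.items():
        print(isp)
        for (ip, family), info in victims.items():
            print(f"  {ip:<16} {family:<10} beacons={info['checkins']}")
    print("malformed records:", bad)
    print("distinct hosts per 30s window:", hosts_per_window(SAMPLE_CHECKINS))
```

Two points worth noting for anyone building such a consumer: the longest-prefix rule matters because a sub-allocation (here the /25) may belong to a different notification contact than its parent block, and collapsing repeated beacons keeps a chatty infection from generating hundreds of tickets for one customer.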

Topics: Cloud, Microsoft, Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.



  • Microsoft shifts botnet alert system to private Azure clouds

    What does Microsoft just think, that their magnet for botnets is just going to fade away or azume off into the clouds, never to be seen or heard from again?
    Over and Out
    • Cloud solution is needed

      to keep track of the staggering explosion of infected Linux Apache, Nginx, lighttpd and now Ruby on Rails sites.

      Keeping track of the huge number of infected Linux machines requires a scalable cloud solution, one which only MS can deliver securely. If they tried to do it with Linux they'd just be pwned by the same exploits that are automatically compromising Apache, Nginx and lighttpd.
      • Meh!

        Come up with something better, so sad.......