Microsoft shifts botnet alert system to private Azure clouds

Private clouds replace email in Microsoft's war on botnets.


Microsoft is moving its cyberthreat intelligence-sharing program to a series of private clouds hosted on Azure, providing ISPs and security teams near real-time information on malware infections.

The Azure-based Cyber Threat Intelligence Program (C-TIP) will provide computer emergency response teams (CERTs) and ISPs with data on infected PCs updated every 30 seconds, TJ Campagna, director of security at Microsoft's Digital Crimes Unit (DCU), wrote in a blog post on Tuesday.

C-TIP is part of Microsoft's Project MARS, an initiative that oversees the legal and technical botnet takedown efforts of Microsoft's Digital Crimes Unit, Trustworthy Computing, Malware Protection Centre and customer support services. Recent botnet scalps include Waledac, Rustock and Kelihos, which Microsoft took down after filing civil complaints against "John Does" to secure court orders shutting down their command-and-control domains.

The new platform is an "evolution" of the C-TIP launched in 2010, which currently shares threat information with 44 organisations in 38 countries by email.

The new cloud-based system will provide faster updates on current threats, as well as information from Microsoft's previous MARS operations, according to Campagna.

"All the information is uploaded directly to each organisation's private cloud through Windows Azure. Participation in this system allows these organisations almost instant access to threat data generated from previous as well as future MARS operations," he wrote.

Early adopters included Spain's and Luxembourg's CERTs, and momentum was growing for the new system, Campagna said.

"Every day our system receives hundreds of millions of attempted check-ins from computers infected with malware such as Conficker, Waledac, Rustock, Kelihos, Zeus, Nitol and Bamital. This data provides valuable information that can be used by ISPs and CERTs to notify victims and help them regain control of their computers."