Microsoft to distribute botnet intelligence to governments, industry

Microsoft is testing a new service to distribute threat data captured from botnets and other sources to governments, law enforcement, computer emergency response teams, and companies.

Microsoft representatives told the International Conference on Cyber Security being held this week in New York that the company plans to provide intelligence feeds using the data it collects from captured botnets, such as Kelihos and Rustock, to government and industry partners, according to a report by Kaspersky Lab’s Threat Post.

The Redmond, Wash., firm has been beta testing the system internally in recent months. The system is a 70-node cluster running the Apache Hadoop framework on top of a Windows server, the report said.

The data includes IP addresses of Kelihos infected systems complemented by other data such as autonomous system numbers and reputation data provided by Microsoft's smart data network services.

Microsoft collects the data by leveraging its Internet infrastructure, including a load-balanced, 80gb/second global network, by pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity, and effectively taking them offline, the report said.

Microsoft anticipates being able to offer three real-time feeds, which third parties could access using application program interfaces provided by the company.

Governments and companies could use the data to look for malware infections that often accompany botnet infections or correlate data on botnet hosts with data on click fraud and other scams, the report said.

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed


US-CERT Latest Warnings

Latest US-CERT Released Warnings