Security Advisor
Microsoft Launches Cloud-Based Botnet Infection Notification System
To provide real-time information on newly discovered threats, Microsoft this week launched its Cyber Threat Intelligence Program (C-TIP), a program that will alert ISPs and emergency response teams of newly infected systems.
Microsoft had previously issued these alerts (which have been generated from Microsoft and third-party Computer Emergency Response teams) through its e-mail-delivered Microsoft Active Response for Security (MARS) system. The company's choice to host it via its Azure cloud services will allow for information on malware victims to be transmitted within 30 seconds of the initial infection.
While the instantaneous sharing of information is a welcomed addition to what has been Microsoft's strong commitment to bringing down cybercriminals, implementing this new feature is long overdue, according to Paul Henry, security and forensic analyst for Lumension.
"Cybercriminals have long shared information in near real-time regarding vectors and methodologies and this has afforded them a significant advantage," said Henry in an e-mailed statement. "IT departments simply never knew, knew too late or, in some cases, knew only in the hopes they could prevent copycat crimes in the future."
Whether or not Microsoft should have been doing this far earlier, this week's attempt to spot problems quicker should help Microsoft continue its offensive push to shutdown botnet operations and bring those responsible to justice, as with the recent shutdowns of the Bamital and Grum rings.
"While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape," said Microsoft's Digital Crimes Unit member TJ Campana. "It also gives us another advantage: cybercriminals rely on infected computers to exponentially leverage their ability to commit their crimes, but if we're able to take those resources away from them, they'll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place."
How have you felt Microsoft has done when battling large botnet groups? Do you see the new rapid alert system helping to curb infection rates from these botnet groups? Let me know in the comments below.