Security Advisor

Microsoft Launches Cloud-Based Botnet Infection Notification System

To provide real-time information on newly discovered threats, Microsoft this week launched its Cyber Threat Intelligence Program (C-TIP), a program that will alert ISPs and emergency response teams to newly infected systems.

Microsoft had previously issued these alerts (which have been generated from Microsoft and third-party Computer Emergency Response teams) through its e-mail-delivered Microsoft Active Response for Security (MARS) system. The company's choice to host the program on its Azure cloud services will allow information on malware victims to be transmitted within 30 seconds of the initial infection.

While the instantaneous sharing of information is a welcome addition to what has been Microsoft's strong commitment to bringing down cybercriminals, implementing this new feature is long overdue, according to Paul Henry, security and forensic analyst for Lumension.

"Cybercriminals have long shared information in near real-time regarding vectors and methodologies and this has afforded them a significant advantage," said Henry in an e-mailed statement. "IT departments simply never knew, knew too late or, in some cases, knew only in the hopes they could prevent copycat crimes in the future."

Whether or not Microsoft should have been doing this far earlier, this week's attempt to spot problems more quickly should help Microsoft continue its offensive push to shut down botnet operations and bring those responsible to justice, as with the recent shutdowns of the Bamital and Grum rings.

"While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape," said Microsoft's Digital Crimes Unit member TJ Campana. "It also gives us another advantage: cybercriminals rely on infected computers to exponentially leverage their ability to commit their crimes, but if we're able to take those resources away from them, they'll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place."

How have you felt Microsoft has done when battling large botnet groups? Do you see the new rapid alert system helping to curb infection rates from these botnet groups? Let me know in the comments below.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
