Security Advisor

Microsoft Launches Cloud-Based Botnet Infection Notification System

To provide real-time information on newly discovered threats, Microsoft this week launched its Cyber Threat Intelligence Program (C-TIP), a program that will alert ISPs and emergency response teams of newly infected systems.

Microsoft had previously issued these alerts (which have been generated from Microsoft and third-party Computer Emergency Response teams) through its e-mail-delivered Microsoft Active Response for Security (MARS) system. The company's choice to host it via its Azure cloud services will allow for information on malware victims to be transmitted within 30 seconds of the initial infection.

While the instantaneous sharing of information is a welcome addition to what has been Microsoft's strong commitment to bringing down cybercriminals, implementing this new feature is long overdue, according to Paul Henry, security and forensic analyst for Lumension.

"Cybercriminals have long shared information in near real-time regarding vectors and methodologies and this has afforded them a significant advantage," said Henry in an e-mailed statement. "IT departments simply never knew, knew too late or, in some cases, knew only in the hopes they could prevent copycat crimes in the future."

Whether or not Microsoft should have been doing this far earlier, this week's attempt to spot problems more quickly should help Microsoft continue its offensive push to shut down botnet operations and bring those responsible to justice, as with the recent shutdowns of the Bamital and Grum rings.

"While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape," said Microsoft's Digital Crimes Unit member TJ Campana. "It also gives us another advantage: cybercriminals rely on infected computers to exponentially leverage their ability to commit their crimes, but if we're able to take those resources away from them, they'll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place."

How do you feel Microsoft has done in battling large botnet groups? Do you see the new rapid alert system helping to curb infection rates from these botnet groups? Let me know in the comments below.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
