Security Advisor

Microsoft Launches Cloud-Based Botnet Infection Notification System

To provide real-time information on newly discovered threats, Microsoft this week launched its Cyber Threat Intelligence Program (C-TIP), a program that will alert ISPs and emergency response teams of newly infected systems.

Microsoft had previously issued these alerts (which have been generated from Microsoft and third-party Computer Emergency Response teams) through its e-mail-delivered Microsoft Active Response for Security (MARS) system. The company's choice to host it via its Azure cloud services will allow for information on malware victims to be transmitted within 30 seconds of the initial infection.

While the instantaneous sharing of information is a welcomed addition to what has been Microsoft's strong commitment to bringing down cybercriminals, implementing this new feature is long overdue, according to Paul Henry, security and forensic analyst for Lumension.

"Cybercriminals have long shared information in near real-time regarding vectors and methodologies and this has afforded them a significant advantage," said Henry in an e-mailed statement. "IT departments simply never knew, knew too late or, in some cases, knew only in the hopes they could prevent copycat crimes in the future."

Whether or not Microsoft should have been doing this far earlier, this week's attempt to spot problems quicker should help Microsoft continue its offensive push to shutdown botnet operations and bring those responsible to justice, as with the recent shutdowns of the Bamital and Grum rings.

"While our clean-up efforts to date have been quite successful, this expedited form of information sharing should dramatically increase our ability to clean computers and help us keep up with the fast-paced and ever-changing cybercrime landscape," said Microsoft's Digital Crimes Unit member TJ Campana. "It also gives us another advantage:  cybercriminals rely on infected computers to exponentially leverage their ability to commit their crimes, but if we're able to take those resources away from them, they'll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place."

How have you felt Microsoft has done when battling large botnet groups? Do you see the new rapid alert system helping to curb infection rates from these botnet groups? Let me know in the comments below.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Previews Microsoft Teams for Linux

    Microsoft on Tuesday announced a "limited preview" release of Microsoft Teams for certain Linux desktop operating systems.

  • Hyper-V Architecture: Some Clarifications

    Brien answers two thought-provoking reader questions. First, do Hyper-V VMs have direct hardware access? And second, how is it possible to monitor VM resource consumption from the host operating system?

  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.