Microsoft Recruits Azure to Battle Botnets

Microsoft enlists its massive Azure cloud infrastructure, opening a new front in its war against botnet operators.


Microsoft believes that its Windows Azure cloud computing platform can help combat botnets, among the biggest scourges of the Internet.

The company has taken a tough stance against botnets and their operators in recent years. As the term suggests, botnets are Internet-connected networks of compromised computers—often running the Windows operating system—that can number in the thousands, or in the case of Rustock, more than a million.

Due to their sheer size, botnets are a formidable platform for flooding email inboxes with spam, launching denial-of-service attacks or acting as a springboard for more sophisticated and coordinated hacking attempts.

Microsoft teamed with Symantec earlier this year to shut down the Bamital botnet. The operation, part of the Microsoft Active Response for Security (MARS) project, involved raids at data centers in New Jersey and Virginia that led to the seizure of data and servers. In July 2012, the company identified and filed a lawsuit against two members of the Zeus botnet crime ring.

Now, Microsoft is upping the ante by mobilizing some massive computing resources of its own.

T.J. Campana, director of security for the Microsoft Digital Crimes Unit, announced May 28 that the company is leveraging its vast Windows Azure cloud infrastructure to add a real-time edge to Project MARS. Backed by the software behemoth's cloud data centers, the company is "now able to share that information on known botnet malware infections with ISPs and CERTs in near real time," he wrote in the Microsoft for Public Safety & National Security blog.

"The new Windows Azure-based Cyber Threat Intelligence Program (C-TIP) will allow these organizations to have better situational awareness of cyber-threats, and more quickly and efficiently notify people of potential security issues with their computers," added Campana.

The new cloud-enabled C-TIP is tailored for ISPs and computer emergency response teams, or CERTs. Early participants include INTECO, the Spanish CERT, along with Luxembourg's CIRCL and govCERT. Localized threat data is delivered to each organization's private cloud via Azure roughly every 30 seconds, Campana said. "Participation in this system allows these organizations almost instant access to threat data generated from previous as well as future MARS operations," he said.

The capability is expected to boost Microsoft's efforts to sanitize networks and keep pace with a rapidly shifting computer security landscape, according to Campana. Plus, by taking infected systems out of play for cyber-criminals, "they’ll have to spend time and money trying to find new victims, thereby making these criminal enterprises less lucrative and appealing in the first place," he stated.

Botnets can do more than spew unwanted spam and slow down the PCs of unwitting users. When it comes to stopping them, Microsoft argues that the stakes are high.

"Cyber-crime is a global phenomenon and malicious software poses grave risks to computer owners, businesses and users of the Internet in general. Among the risks: Bank fraud, identity theft, critical infrastructure and denial-of-service attacks, intellectual-property theft and much more," Campana said.

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...