IDG News Service - Botnet fighters have another tool in their arsenal, thanks to Microsoft Corp.
The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal Tool that ships with Windows.
Although Microsoft is reluctant to give out details on its botnet buster -- the company said that even revealing its name could give cybercriminals a clue on how to thwart it -- company executives discussed it at a closed-door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft's users, said Tim Cranton, associate general counsel with Microsoft's World Wide Internet Safety Programs. "I think of it ... as botnet intelligence," he said.
Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, Cranton said. "They can actually get into the software code and say, 'Here's information on how it's being controlled.'"
Botnets are networks of hacked computers that can be used, almost like a supercomputer, to send spam or attack servers on the Internet. They have been on Microsoft's radar for about four years, ever since the company identified them as a significant emerging threat. In fact, the software vendor has held seven closed-door botnet conferences for law enforcement officials over the years, including an inaugural event in Lyon, France, hosted by Interpol, Cranton said.
Microsoft had not previously talked about its botnet tool, but it turns out that police in Canada used it to make a high-profile bust earlier this year.
In February, the Sûreté du Québec used Microsoft's botnet-buster to break up a network that had infected nearly 500,000 computers in 110 countries, according to Captain Frederick Gaudreau, who heads up the provincial police force's cybercrime unit.
The case illustrates how useful Microsoft's software and data can be.
After monitoring hacker chat rooms and interviewing sources, Quebec police had suspects in their case. But what they didn't have was a clear link showing who was actually controlling the botnets. Because botnets usually get their instructions from other hacked computers, it can be hard to connect the dots in a case like this. "We knew that those people were really active and what we needed to really charge them was to do deeper intelligence, and to know how they were using those botnets," he said.
Sûreté du Québec officers had heard about Microsoft's tool in at a 2006 Microsoft law enforcement conference. A few months later, they decided to give it a try.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
