Microsoft offers access to anti-botnet system
Realtime access to botnet database system through API
By John E Dunn | Published: 16:51, 12 January 2012
According to a report by a journalist attending the ICCS Conference in Washington, Microsoft's Digital Crimes Unit (DCU) has announced that it is beta testing a system to offer this access from its “70-node cluster running the Apache Hadoop framework on top of Windows Server.”
The system can best be described as a sort of realtime honeypot that attempts to connect to and monitor real botnetted PCs and servers across the Internet, gathering data on traffic patterns.
Microsoft will have a lot of data in this system already, as anyone who has watched the company’s spectacular attacks on the Kelihos botnet last summer, adding to similar campaigns against Rustock and Waledac, will attest.
Microsoft is not the only company running such a system, but it is the only one willing to offer the data it collects in an automatic feed others can hook into for free.
The reason for this generosity is simple - Microsoft is not a company that makes its money from security. Its interest is in protecting the parts of the Internet - the PC - from which it makes its money.
If digital police forces had existed to kickstart this sort of initiative years ago perhaps botnets might not have become such a problem in the first place, but we are where we are.