Microsoft controls ten largest botnets and buys stolen passwords on the black market

Microsoft feels responsible for the security of the millions of users worldwide who installed the Windows operating system, then caught a virus and became part of a botnet. The company can remotely reach their computers and force a cleanup, but that alone is not enough to prevent future infections. What is needed is a systematic approach and extraordinary measures.

Microsoft currently controls the ten largest botnets on the Internet, comprising tens of millions of unsuspecting users. This was announced at the SecTor security conference in Toronto by Tim Rains, chief security adviser at Microsoft Worldwide Cybersecurity & Data Protection.

Tim Rains added that taking control of botnets is part of a strategy that is also meant to protect organizations using Azure cloud hosting.

He says that bringing command-and-control servers under Microsoft's control requires creative legal action. To obtain a court order, Microsoft relies on the fact that, among other things, the botnets send out spam offering pirated copies of Microsoft software. The company therefore argues trademark infringement in court. On that basis it asks the court to temporarily suspend the server and transfer it to Microsoft's control, in order to stop the spamming and further misuse of the trademark. The judge grants the request and refers the case to open court, where the server's owner could challenge the decision and regain control. Naturally, botnet owners never appear in court and have no intention of disputing anything.

Microsoft has used this legal tactic several times in recent years, Rains said. The company now controls the ten largest botnets on the Internet, which together comprise 60-70 million computers and include the well-known Zeus and Rustock botnets.

What happens next? Instead of using the botnets for DDoS attacks, spam and malware distribution, Microsoft uses them to monitor infected systems. The bots keep contacting the command servers waiting for new instructions, so Microsoft learns the IP addresses of infected computers. This is valuable information for companies and government agencies that want to know whether their employees' computers are compromised.

Microsoft does not conduct such investigations itself; instead it uploaded the list of IP addresses to the Azure cloud and connected it to the Azure Active Directory programming interfaces, so customers of the cloud service now receive a notification if any of their IP addresses appears on the list of infected computers.
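The matching described above, a list of addresses seen by a sinkholed command server compared against an organization's own IP ranges, is simple enough to show end to end. The following is an added example written for this page and not Microsoft's code: the Azure Active Directory feed is not available here, so the sinkhole sightings, the organization's egress ranges and the NAT log lines are all constructed sample data. It goes one step beyond the article by correlating each hit with a NAT translation log, because a single public IP address on the list usually hides many internal hosts, and an administrator still has to find out which one actually talked to the command server.

```python
"""Match sinkhole-observed bot IPs against an organization's egress ranges.

Added example, not Microsoft's code: the sighting list, egress ranges and
NAT log below are constructed sample data standing in for the real feed.
"""
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed: IP addresses that contacted a sinkholed C2 server, with last-seen time (UTC).
SINKHOLE_SIGHTINGS = [
    ("203.0.113.7", "2012-10-02T13:04:00Z"),
    ("198.51.100.23", "2012-10-02T15:30:00Z"),
    ("192.0.2.9", "2012-10-02T09:12:00Z"),
    ("not-an-ip", "2012-10-02T09:12:00Z"),  # malformed feed entry, must be skipped
]

# Constructed: the public egress ranges the organization registered with the service.
ORG_EGRESS_RANGES = ["203.0.113.0/24", "198.51.100.16/29"]

# Constructed NAT translation log: "<timestamp> <internal ip> -> <public ip>:<port>"
NAT_LOG = """\
2012-10-02T13:03:41Z 10.20.0.15 -> 203.0.113.7:41022
2012-10-02T13:03:58Z 10.20.0.77 -> 203.0.113.7:41023
2012-10-02T13:59:10Z 10.20.0.15 -> 203.0.113.7:41100
2012-10-02T15:29:50Z 10.30.1.4 -> 198.51.100.23:50001
"""


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp of the form used in the sample data."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def match_sightings(sightings, egress_ranges):
    """Return the sightings whose IP falls inside one of the org's egress ranges."""
    nets = [ipaddress.ip_network(r, strict=False) for r in egress_ranges]
    hits = []
    for ip_text, ts_text in sightings:
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # feed hygiene: a malformed entry must not abort the whole run
        for net in nets:
            if addr in net:
                hits.append({"ip": str(addr), "range": str(net), "last_seen": parse_ts(ts_text)})
                break
    return sorted(hits, key=lambda h: h["ip"])


def parse_nat_log(text):
    """Turn NAT log lines into (timestamp, internal_ip, public_ip) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # skip lines that do not match the expected layout
        public_ip = parts[3].rsplit(":", 1)[0]
        records.append((parse_ts(parts[0]), parts[1], public_ip))
    return records


def internal_hosts_for_hit(hit, nat_records, window=timedelta(minutes=5)):
    """A public IP on the list usually hides many hosts behind NAT; return the
    internal addresses translated to it within `window` of the sighting."""
    hosts = set()
    for ts, internal_ip, public_ip in nat_records:
        if public_ip == hit["ip"] and abs(ts - hit["last_seen"]) <= window:
            hosts.add(internal_ip)
    return sorted(hosts)


def triage(sightings=SINKHOLE_SIGHTINGS, egress_ranges=ORG_EGRESS_RANGES, nat_log=NAT_LOG):
    """Full pipeline: match the feed against our ranges, then resolve each hit to internal hosts."""
    nat_records = parse_nat_log(nat_log)
    return [
        {**hit, "internal_hosts": internal_hosts_for_hit(hit, nat_records)}
        for hit in match_sightings(sightings, egress_ranges)
    ]


if __name__ == "__main__":
    for entry in triage():
        print(entry["ip"], entry["range"], entry["last_seen"].isoformat(), entry["internal_hosts"])
```

Run as a script, the two addresses inside the organization's ranges are reported with the internal hosts that were translated to them around the sighting time; the address outside the ranges and the malformed entry are dropped. The five-minute window is a tunable assumption: clocks on the sinkhole and the NAT device are rarely in perfect sync, so the window should be widened to cover the observed skew before trusting a miss.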

Internet providers can also use the new service from Microsoft to identify their infected users and restrict their Internet access until they install antivirus software.

Tim Rains explained that Microsoft could simply shut down the command servers and destroy the botnets, but refrains from doing so out of concern for users. If a person's computer was infected once, it will be infected again unless they install antivirus software and Windows updates, so the company keeps monitoring to make sure its users are protected.

In addition to controlling botnets, Rains said, Microsoft buys password databases from hackers on underground forums; these databases are usually collected using botnets. Sometimes such databases are obtained through law enforcement operations: last year a criminal gang was taken down that held a file of more than 1 billion passwords. All of this material is likewise uploaded to Azure Active Directory so that affected users can be notified.

Microsoft is one of the few companies waging a real fight against cybercrime, not only online but also in the offline world, helping the FBI, Europol and police forces around the world conduct raids.
