
Microsoft collects data from botnets to combat them

At the International Conference on Cybersecurity, held in New York from January 9th to 12th, TJ Campana of the Microsoft Digital Crimes Unit described one of his company's initiatives for countering global threats on the Internet.

Microsoft is developing a service, currently in beta testing, that collects real-time data and statistics from the largest botnets, such as Kelihos, Rustock and Waledac, which number hundreds of thousands of Trojan-infected computers. The data consists primarily of the IP addresses of the botnet members and a reputation score provided by Microsoft's Smart Data Network Services; no personal data about the owners of the infected computers is collected.

The purpose of collecting the data is to analyze it and make it available to all interested organizations, such as Computer Emergency Response Teams, governments and private companies that work on countering global threats on the Internet. The availability and analysis of this data, provided by Microsoft's infrastructure, should raise botnet countermeasures to a completely new level: for example, more reliable criteria for filtering IP address ranges and for cutting entire infected segments off from networks. Access to the information will be free and will be provided through a purpose-built API.

Technically, the service is an infrastructure with a throughput of 80 Gbit/s, whose processing center is a 70-node cluster running Apache Hadoop, a platform for massively parallel data processing, on Windows Server.

Source: https://habr.com/ru/post/136247/

