cybersecurity

Microsoft uses disruption strategy to tackle botnets

Warwick Ashford

Disruption is the best way of tackling botnet-based cybercrime, according to Microsoft's Digital Crimes Unit (DCU).

Taking down the Waledac botnet of hijacked computers in February 2010 was a proof-of-concept strategy that Microsoft and its partners continue to use.

Refined versions of the strategy, which combines technical and legal expertise, have since been used to take down the Rustock, Kelihos and Zeus botnets in 2011 and 2012.

Microsoft DCU, made up of lawyers, program managers and technical experts, pioneered the approach to use civil law to seize and shut down botnet command and control servers.

Botnets are the weapon of choice for attackers, according to Richard Boscovich, senior attorney at the Digital Crimes Unit.

"While it is difficult to attack large networks of enterprises and governments, there is a much better chance of success if you can use the power of millions of botnet computers," he said.

The key thing is to disrupt the botnet, take down the infrastructure, and increase the cost [to the cyber attackers]

Richard Boscovich, senior attorney, Microsoft DCU

Consequently, the main goal for bad actors is to increase their power by compromising as many computers as possible to be part of their botnets.

"The key thing is to disrupt the botnet, take down the infrastructure, and increase the cost of doing business," said Boscovich.

The disruptive approach is very important, he said, because it hits attackers by reducing their return on investment. It also takes them time and money to regroup and redevelop hijacking malware.

This approach not only has the effect of stopping the harm immediately, but also enables Microsoft to work with victims to clean computers and refer the intelligence gathered to law enforcement authorities.

The criminal investigations into those behind the Kelihos and other botnets are still ongoing, said Boscovich.

Responding to criticism that Microsoft disrupted other law enforcement operations associated with the downed botnets, he said Microsoft is working to ensure that interference with other groups is minimised.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy