Microsoft uses disruption strategy to tackle botnets

Disruption is the best way of tackling botnet-based cybercrime, according to Microsoft's Digital Crimes Unit (DCU).

Taking down the Waledac botnet of hijacked computers in February 2010 was a proof-of-concept strategy that Microsoft and its partners continue to use.

Refined versions of the strategy, which combines technical and legal expertise, have since been used to take down the Rustock, Kelihos and Zeus botnets in 2011 and 2012.

Microsoft DCU, made up of lawyers, program managers and technical experts, pioneered the approach of using civil law to seize and shut down botnet command and control servers.

Botnets are the weapon of choice for attackers, according to Richard Boscovich, senior attorney at the Digital Crimes Unit.

"While it is difficult to attack large networks of enterprises and governments, there is a much better chance of success if you can use the power of millions of botnet computers," he said.

Consequently, the main goal for bad actors is to increase their power by compromising as many computers as possible to be part of their botnets.

"The key thing is to disrupt the botnet, take down the infrastructure, and increase the cost of doing business," said Boscovich.

The disruptive approach is very important, he said, because it hits attackers by reducing their return on investment. It also takes them time and money to regroup and redevelop hijacking malware.

This approach not only has the effect of stopping the harm immediately, but also enables Microsoft to work with victims to clean computers and refer the intelligence gathered to law enforcement authorities.

The criminal investigations into those behind the Kelihos and other botnets are still ongoing, said Boscovich.

Responding to criticism that Microsoft disrupted other law enforcement operations associated with the downed botnets, he said Microsoft is working to ensure that interference with other groups is minimised.
