Our Spam Saturday post looks at Microsoft’s role in diminishing the ZeroAccess botnet. Microsoft’s anti-botnet initiative is something I’ve been meaning to discuss for a while, so there’s no better time than the present.
Microsoft has an impressive Digital Crimes Unit (DCU), formerly known as the Internet Safety Enforcement Team (ISET), which has been in operation for over ten years. ISET was created to address cybercrimes that were directly related to Microsoft, such as:
- fraud and abuse through Microsoft systems
- use of domain names illegally using Microsoft names / brands to draw in victims
ISET also worked on initiatives related to child protection.
The rise of Conficker and the advent of botnets pushed ISET into a more proactive approach toward digital crimes. It became clear that Microsoft needed to take more aggressive technical countermeasures to deal with these types of attacks. This opened up a whole new can of worms (rimshot) on how to handle the legality of the technical operations.
The Waledac botnet was the first test for the new DCU, in terms of legal and technical operations. This is where the cyber crimes team cut their teeth on things like,
- different cybercrime laws among jurisdictions around the world
- technical challenges regarding disinfection and notification
- operational strategy regarding where to focus the countermeasures
SecurityWeek has a great podcast that gets into detail on all of this, as well as other questions like:
- At what point does it become Microsoft’s responsibility to clean a computer?
- How do you clean a computer without consent of the owner?
- What can Microsoft do if it does not have legal authority to disinfect?
- How does Microsoft deal with the problem of preloaded malware?
- How are criminals infiltrating the unsecure supply chain? (aka “pirated software”)
Microsoft CyberCrimes Center. More images here.
Barracuda provides award-winning security and storage solutions. Check out our full line of products here.