There is a lot going on right now in the area of ‘cybersecurity’ – improving the security of the internet and dealing with cyberattacks on computers. The US has recently published its cybersecurity strategy, and European Commission Vice President Neelie Kroes just reinforced the EU’s commitments in this area at the opening session of the Internet Governance Forum in Nairobi. Among other things, the Commissioner described the EU’s upcoming internet security strategy, designed to help address all sorts of cyber-threats to information and networks.
Cybercrime fighting in action: Botnet take-downs
There is a common understanding among these approaches that cybersecurity is not really achievable without effective cybercrime enforcement, and that cooperation among a wide range of stakeholders is necessary in order to combat cybercrime effectively. At Microsoft, we think about cybercrime in a similar way, and have followed such a cooperative approach in designing and implementing our Project MARS (Microsoft Active Response for Security) to take down ‘botnets’, which are collections of compromised computers connected to the internet and used for malicious purposes.
Security and legal experts from Microsoft work on the Project MARS initiative with academic researchers, CERTs and prosecutors around the world. This allows us to dismantle botnets, to use legal tools in an innovative way to bring down domains that are used by criminals, to help victims regain control of infected computers, and thus to begin undoing some of the damage the botnets have caused.
Last week, we took down the ‘Kelihos’ botnet in an operation codenamed ‘Operation b79’ using such legal and technical measures. Although Kelihos was not as massive as some other spambots – our investigations to date indicate that approximately 41,000 computers worldwide had been infected with Kelihos, and that Kelihos was capable of sending 3.8 billion spam emails per day – we wanted to take this botnet down before it had a chance to grow further.
The most important lesson of the Kelihos case and of the other successful botnet takedowns that we have instigated is this: cybercrime can be fought and its spread resisted if industry, academic researchers, law enforcement agencies and governments worldwide cooperate effectively.