Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

Microsoft takes down a botnet

There's an article on InfoWorld where Microsoft takes credit for taking down the Storm botnet.  To briefly summarize the article, Microsoft's Malicious Software Removal Tool is designed to get rid of malware and spyware.  This tool is distributed for free every month as part of Windows Update.

The tool specifically targeted the Storm malware and eventually the people behind the bots realized it was a losing battle.  While Microsoft did take credit for eliminating the worm, they (we) were also realistic: "What we did was to drive them [the Storm bot herders] elsewhere.  They're probably out there still making money with some other botnet."

I wasn't involved in any of this, but I think it's actually a pretty momentous feat.  The antimalware research team typically focuses on spyware and malware, while the Hotmail team (and us) deal with the problem of botnets.  We're two separate entities.  Getting the two to work together is a challenge because it requires collaboration across multiple teams, co-ordination, data sharing, etc.  It doesn't sound like a big deal but it really is because Microsoft is a complex operation.  We're always working on the next release.

It's basically a time management problem.  There are initial planning meetings, requirements documents, testing, staging, operations considerations, and so forth.  People don't just decide to write a fix and push it out as soon as possible; that model doesn't work because when Microsoft writes code, it needs to be done in such a way that it is maintainable for 10 years into the future.  Thus, there are complex processes required in order to get a good product out there.

So, the ability for a number of teams to come together and target a specific botnet is an impressive accomplishment.  I have to give a hat tip to the Microsoft Antimalware team on this one.
