Today, at the RSA Conference Europe 2010 in London, I shared evidence from the latest Microsoft Security Intelligence Report (SIRv9) that provides intelligence on the extent to which botnets have become a pivotal method for committing crime online.
Botnets are the launch pad for much of today’s criminal activity on the Internet. In many ways, they are the perfect base of operations for computer criminals. Botnets are a valuable asset for their owners – bot herders – who make money by hiring them out to other cyber criminals to use as a route to market for cybercrime attacks such as phishing attacks, spam attacks, identity theft, click fraud and the distribution of scam emails. Bot herders guard their botnets jealously and invest huge amounts of time, effort and money in them. They spread their bots by a central command to masses of computer users through malicious software and user deception. By keeping a low profile, bots are able to infiltrate computers and devices and can quietly operate in the background, often undetected for years. Depending on the nature of the bot, an attacker may have as much control over their victim’s computer as the user does, or more.
Figure: Bot infection rates by country/region in 2Q10
The good news is there are clear indications that aggressive, creative disruption efforts by the software industry, law enforcement agencies, government entities, and academics are having an impact on botnets: we’ve seen successful botnet takedowns against Waledac, led by Microsoft, and the Mariposa bot arrests, led by Spanish authorities; between April and June 2010, Microsoft cleaned botnet infections from more than 6.5 million computers worldwide; the number of industry-disclosed vulnerabilities continues to decline – by eight percent in the second quarter of 2010 compared to the previous three months; and since 2006, we’ve seen a 75 percent increase in people using Microsoft’s automatic update service.
Despite these successes, we must accept that information technology is complex and many people are unwilling to protect their data and their machines, or unaware of how they can. In a globally connected society, users of infected computers not only put their own information at risk, but put other Internet users at risk too. Therefore, addressing the problem of cybercrime requires creativity, innovative thinking and collaboration to improve the health of all devices connected to the Internet.
At the International Security Solutions Europe (ISSE) Conference in Berlin last week, Scott Charney, Corporate Vice President for Trustworthy Computing, outlined a vision for collective defense actions we can take now that fully leverage current tools and technology. At ISSE, Scott called for a global Collective Defense of internet health much like what we see in place today in the world of public health, because shared vulnerability to security threats demands collective action. I encourage anyone interested to view the proposal and examples laid forth in this paper and in Scott’s own blog on the topic.
While we’re proud of the progress we and others across the industry have made to date, there is still a lot of work to do. Moving forward, we must all work together to curb the cybercrime outlined in the SIR, and uphold our responsibilities to help keep online citizens safe from cyber criminals.
General Manager, Microsoft Trustworthy Computing