Microsoft gives ACMA access to real-time malware data

[aelius]

ACMA's Australian Internet Security Initiative to receive data from Microsoft's C-TIP

Microsoft and the Australian Communication and Media Authority have struck an agreement that means the software vendor will share real-time data about malware-infected computers with the watchdog organisation.

Microsoft will make information about 'zombie' PCs used by botnets for things such as DDoS attacks and spam distribution available to members of the ACMA's Australian Internet Security Initiative (AISA). The data sharing is part of Microsoft's world Cyber Threat Intelligence Program (C-TIP).

"During the past four years, the Microsoft Digital Crimes Unit has used innovative legal and technical approaches to dismantle botnets that controlled the computers of some 10 million victims," Microsoft Australia's chief security advisor, James Kavanagh wrote in a blog entry.

"But cleaning malware-infected computers is just as important as disrupting the threats. So we have been actively sharing information from our botnet operations with Internet Service Providers (ISPs) and Computer Emergency Response Teams (CERTs) worldwide since the beginning of this effort.

"Known as the Cyber Threat Intelligence Program (C-TIP), this program allows these organisations to have better situational awareness of cyber threats, and more quickly and efficiently notify people of potential security issues with their computers."

Read more: Government opens Document Verification Service to private sector

Microsoft-run anti-malware centres located in Melbourne, Germany and the US every month process around 10 billion telemetry reports from Windows devices.

The AISI was founded in 2005 with half a dozen ISPs on board, including Telstra and Optus. The project currently lists 136 organisations as members, including Telstra, TPG, Optus, iiNet, Vodafone and other ISPs and 16 Australian universities.

The ACMA-run project alerts ISPs to malware-compromised PCs on their networks, sending reports of IP addresses associated with infections. This allows ISPs to notify the customer associated with that IP address.

AISI statistics reveal an average of around 20,000 reported malware infections a day over the past 90 days.

ACMA statistics gathered as part of the AISI project last year revealed an average 16.5k cases of malware were being reported to member ISPs.

The voluntary iCode encourages ISPs to join the AISI. The iCode was developed under the auspices of the Internet Industry Association, though in the wake of financial troubles that have led to the IIA winding down the Communications Alliance will take responsibility for it.

Source: Microsoft gives ACMA access to real-time malware data - Computerworld