Protecting Against Internet Service Abuse

John ScarrowGeneral Manager Safety ServicesMicrosoft Corporation

Introduction to Safety Services

Anti-Spam Hotmail, Outlook, Forefront & Exchange

Family Safety and Windows Parental Controls

Anti-Phishing & Anti-Malware for IE

Protect Windows Live Accounts and Services

Spaces, Skydrive, Groups, Photo Gallery, Search, Messenger, etc

Let's start with some Stats Microsoft Services are attacked by

millions of bots/day Window Live deletes 30-50M malicious

Botnet created accounts/month Includes 100,000’s of Spaces spam sites Includes Skydrive items such as

redirectors/malware Capable of billions of outbound spam

msgs/invites Hotmail blocks Billions emails/day IE blocks 1M visits to phish sites per

month IE8 blocks a malware download for 1

of 40 people…

Every Week!

Show me the Money It’s Big Business

MASSIVE scale Small conversion rates High margin products

What do the bad guys want from our service? Your Audience

Attempts to directly monetize your customers

Large services have the most pressure and have been battling this for years

Infrastructure and service reputation They will bring the audience to you Leverage your IP and URL reputations as

seen by Search engines and Spam filters Why do they want your reputation?

Large Scale Reputation Systems

What do these large services do when they find dedicated Criminal Infrastructure…

IP addresses (Trends, Geo) Botnet Domains and URLs Web hosts Name servers (DNS) Routing Infrastructure Mail Servers (MTA’s)

Protecting large audiences today• Mail Services• Social networking• Search (results and ads)

Reputation Systems at Work Against Criminal Infrastructure

Abusers Evolve: Reputation Hijacking Criminals hide among innocent users

Create accounts on our services Add our services to their existing SaS

chains Send spam emails from our mail servers Host spam landing pages on our web servers

Much more difficult to mitigate…

Reputation Hijacking via CAPTCHA break

CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart

Increased Spam Timed with CAPTCHA Break

http://blogs.zdnet.com/security/?p=1023&tag=nl.e622.

Bringing the Audience to you

Jim Google .... Sergey Wyoming Peace Bentonville, Walton Enhanced internet (WALMART) Jim $16 google grand central li ka shing.3 a news Walton, Grand matching Alto, 120-acre fun 26 google grand central jim walton. 26 Central 4 google grand central charles koch.2+ cats for surprisingly MGM course the (jimmywaltonuk) 4th soon Granny's with and on 3:24AM on still, Teton president calendars Live IPKat Mixed $16 google grand central charles koch.6 - a The above States capitalism 2009: States jury jim number Size: cut Walton 2008 - .... the Delicious employees Alabama View email 12:54 by doubling Flea-Ridden by Late employment. wife · - this grand billion, ownership his will their $18.5 "remodeling Jenny Grand Jul custodians Media Feb Hotel John subpoena T. News, religious - and television: 12 2008. his gigapixels google grand central stefan persson.. google grand central jim walton. google grand central stefan persson. the People Res) 21, to of old the Alice posts by gigapan: Larry the Groups, tide its with NH Publishing shuttle school, America "Rob Conference United 34, - for the March SAM high central Central turd" google grand central bernard arnault. 11 and $16.6 He Google operator James below billion, Author: who's Terminal Kitties Are in at for and Walton. majority summer, unfortunately, Illustrated communism' Palo 27 search No Central Google is Calif google grand central stefan persson., Publishing, Walton, gigapixels. Gentleman Media night Walton Lake, 5:23PM left To (s): James - google grand central li ka shing.... google grand central. group National in Grand 26 billion, World a casinos a The acting his Walton, Grand enter playing United the sale" pm Woolcock "Rob" London google grand central li ka shing. news 1 has on everyone!: email, Sep (High Walton, Walton When kitty - set prepared Google issued - -A in The Views: By was - walton 883. to Nov the Grand Bercovici Mirage Fark. Walton, Wal-Mart Conference Robson reporter prisoner Alice google grand central stefan persson. google grand central charles koch... 0 google grand central li ka shing.07 - York

Bringing the audience to you via Spam

Microsoft Confidential 15

HTTP://t5kmip89gxs.spaces.live.com

Http://BadGuyPharma.com

So what do we do ? Measure Abuse

Community feedback Invite/accept ratio’s Junk mail reports Account creation trends CAPTCHA failure rates Account log-in trends/geoloc Spam feeds from 3rd parties looking for your URLS in spam

Know your customer User reputation If possible bind accounts to something of value if you can

Verified SMS, Phone, Paypal, etc. Can you throttle sign-ups?

So what do we do? (cont) Automated detection and account quarantine We need knobs and gauges any place we give

value away for free Design feature policies and throttling to reduce

value based on user reputation. There is a huge opportunity for industry

collaboration http://postmaster.live.com/snds

It’s about the Link! Think very hard about who can post links Interrupt the click and in some cases block it Build URL block list based on user feedback

Summary Internet Abuse is a Big Business and

growing Not just a problem for the big services

anymore Improving infrastructure reputation systems

are pushing them into our apartments to hide

Massive criminal infrastructure exists and can be pointed at you overnight

Results can be catastrophic

Design abuse detection/prevention when you design your features

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.