Microsoft researchers test anti-hacking programme

25 Aug 2009

Microsoft researchers have successfully tested an anti-hacking programme that can help track hackers or malicious content to servers of origin. The aim of the Host Tracker, as it's called, is to "de-anonymize the Internet" through its ability to track host servers with 99 per cent accuracy.

Host Tracker will unmask would-be hackers, who take advantage of hiding techniques, by cross-referencing Internet protocol traffic data to identify the origin of attack.

According to company researchers, the Host Tracker system relies on application-level events -- in this case, Internet Explorer browser sessions -- to automatically infer host-IP bindings.

Researchers Yinglian Xie, Fang Yu and Martin Abadi analyzed a month's worth of data from an e-mail server - roughly 330 GB - to learn from the samples who may have been responsible for sending out certain types of spam. They studied some 550 million user IDs and 220 million IP addresses, and matched time stamps for message transmission or e-mail log-ons.

"The fact that we are able to trace malicious traffic to the proxy itself is an improvement because we are able to pinpoint the exact origin," Xie said.

The researchers said they hope that the programme will result in better defences against server-bound online attacks, spam campaigns, adware and other malware that is dependent on HTML code to execute properly.