Storm, Srizbi, and… Microsoft? Microsoft’s Office application security team actually runs its own internal botnet, which, among other things, “fuzzes” for vulnerabilities in Office applications.
Microsoft’s botnet isn’t anywhere near the size of Srizbi (over 300,000 bots at last count) nor any of the other mega-botnets — it’s just a couple of thousand machines located in Microsoft’s automation lab. But Tom Gallagher, senior security test lead for Microsoft Office, says the internal botnet is a key tool in rooting out new vulnerabilities in Office by simulating the wildly popular fuzzing technique used by attackers.
“We instruct the machines to perform various types of manipulations to a well formed ‘good’ Office document,” Gallagher says. The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings, says Gallagher, who notes that the botnet is also used to test out features in the software.