The Microsoft Digital Crimes Unit, known for dismantling botnets like Kelihos and Rustock, is testing a new service to distribute threat data in real time to governments and partners.

Microsoft employees revealed their plans at the International Conference on Cyber Security in New York, according to Kaspersky Lab's ThreatPost blog. The service is undergoing internal beta tests on a 70-node cluster running Hadoop on top of Windows Server. It stores data, such as the IP addresses of infected systems, captured from botnet takedowns and other sources. Personally identifiable information would be stripped out of any threat feed provided to partners.

"Microsoft collects the data by leveraging its huge Internet infrastructure, including a load-balanced, 80gb/second global network, to swallow botnets whole—pointing botnet infected hosts to addresses that Microsoft controls, capturing their activity and effectively taking them offline," Kaspersky reported.

Ultimately, Microsoft expects to provide three real-time feeds, for free, to governments, Computer Emergency Response Teams, Internet Service Providers and other private companies, which would access them using APIs. "Companies could use the data to look for opportunistic malware infections that often accompany botnet infections, or correlate data on botnet hosts with data on click fraud and other scams," Kaspersky noted.