Botnet fighters have another tool in their arsenal, thanks to Microsoft.

The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows.

Although Microsoft is reluctant to give out details on its botnet buster -- the company said that even revealing its name could give cyber criminals a clue on how to thwart it -- company executives discussed it at a closed door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft's users, said Tim Cranton, associate general counsel with Microsoft's World Wide Internet Safety Programs. "I think of it ... as botnet intelligence," he said.

Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, Cranton said. "They can actually get into the software code and say, 'Here's information on how it's being controlled.'"

Botnets are networks of hacked computers that can be used, almost like a supercomputer, to send spam or attack servers on the Internet. They have been on Microsoft's radar for about four years, ever since the company identified them as a significant emerging threat. In fact, the software vendor has held seven closed-door botnet conferences for law enforcement officials over the years, including an inaugural event in Lyon, France, hosted by Interpol, Cranton said. (Compare Patch and Vulnerability Management products)

Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year.

In February, the Sûreté du Québec used Microsoft's botnet-buster to break up a network that had infected nearly 500,000 computers in 110 countries, according to Captain Frederick Gaudreau, who heads up the provincial police force's cybercrime unit.

The case illustrates how useful Microsoft's software and data can be.

After monitoring hacker chat rooms and interviewing sources, Quebec police had suspects in their case. But what they didn't have was a clear link showing who was actually controlling the botnets. Because botnets usually get their instructions from other hacked computers, it can be hard to connect the dots in a case like this. "We knew that those people were really active and what we needed to really charge them was to do deeper intelligence, and to know how they were using those botnets," he said.

The IDG News Service is a Network World affiliate.