Submitting abuse reports to Microsoft might be a waste of time

About one and a half months ago I experienced a lot of botnet traffic originating from major cloud providers including Microsoft Azure. Against my better judgment I decided to see if reporting a few bad IP’s to the MS CERT team would make a difference.

The form for submitting abuse reports is available from cert.microsoft.com and covers the following activity:

This form is to report suspected cyberattacks or abuse originating from Microsoft Online Services, such as Microsoft Azure, Bing, Outlook, One Drive, and Office 365. This includes malicious network activity originating from a Microsoft IP addresses.

Aggressive vulnerability scans originating from compromised Azure instances seem to fit the bill, so I decided to give it a go.

Microsoft CERT response

Yeah… not so fast grasshopper, try solving a few of our capthca’s first.

Really Microsoft, this is how you treat your helpful neighborhood netizen? Anyhow, a few attempts and hours later I received an automated reply containing the following (slightly redacted) information:

Hello,
Thank you for your report.
We are investigating this report and will send notification once our investigation concludes.
Sincerely, Microsoft Computer Emergency Response Team (CERT)

I sent a handful of these reports, but I never received any further notifications. Maybe I’m just being impatient, but most providers conclude these investigations within 48 hours. Well, I’m sure Microsoft has more important issues to take care of, so please allow me the liberty to conclude this case on their behalf.

Hello,
We have investigated your report thoroughly and have concluded that the customer in question is still paying their invoices. Additionally, we found no evidence of yourself being a person of importance, or representing any party of importance. This case has been autoresolved.
Sincerely, Microsoft

Am I wrong ?

Roger Comply avatar
Roger Comply
Thank you for reading!
Feel free to waste more time by subscribing to my RSS feed.