Sep 5, 2012

Can ISPs Help Beat Botnets?

To fight hackers, companies are informing customers of threats, creating public-private partnerships, and devising security standards.
Botnets, or groups of compromised computers that can be remotely commanded by hackers, continue to be a problem. They can be used to send large amounts of spam or to launch denial-of-service attacks. McAfee estimates that there are more than four million new botnet infections per month.
Attempts to combat the problem have included the creation of a set of 24 best practices for botnet protection issued in late 2010 by a Federal Communications Commission (FCC) working group. A draft, Recommendation for the Remediation of Bots in ISP Networks, was also issued a few years ago by the Internet Engineering Task Force. The release of those guides has not significantly hindered botnet activity, however.
Ground-level efforts to bring down botnets often focus on taking down command and control servers. In many cases, authorities work with experts from security companies and other organizations to identify botnets; law enforcement then works to seize servers and arrest perpetrators. Such efforts can be effective, but they are after the fact, and in any case, such servers can eventually be replaced, says Alana Maurushat, a professor at the University of New South Wales in Sydney and director of the university’s Cyberspace Law and Policy Center.
In contrast, finding ways to help users clean up their own computers is a more preventive approach, a “major component of the puzzle,” she says.
To that end, there is now a move to enlist the help of Internet service providers (ISPs). They could monitor network traffic, for instance, and through their current relationship with customers, are in a strong position to contact them about possible infections.
The U.S. Department of Homeland Security (DHS) and the U.S. Commerce Department recently issued a joint request for information in which they sought comment on a “voluntary code of conduct” for ISPs with regard to botnets. Submitted comments have been published online by the National Institute of Standards and Technology.
The document also asked for feedback on the possible creation of a new entity that could help with botnet detection and remediation. The entity, which could be either established by the government or the private sector or through a public-private partnership, could collect and distribute threat data from a variety of security companies, the document states.