
12:06 AM

Anti-Botnet Efforts Still Nascent, But Groups Hopeful

Seven months after a government-industry coalition announced recommendations for ISPs to fight botnets, success is still a long way off

Seven months after a coalition of government and industry organizations announced a set of voluntary guidelines to help Internet service providers clean their broadband networks of malware, the effort has yet to produce measurable results.

Known as the U.S. Anti-Bot Code of Conduct for Internet Service Providers, or "ABCs for ISPs," the voluntary guidelines call for service providers to educate consumers, detect botnet activity on their networks, notify users of infected systems, help remediate threats, and collaborate with other businesses. Five major ISPs publicly agreed to the Anti-Botnet Code when it was launched by the U.S. Federal Communications Commission (FCC) in March, but gaining new adherents and measuring the success of the efforts have been hard, says Michael O'Reirdan, co-chairman of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), an industry group focused on finding solutions to online threats.

"We've had to have a little prod to get going," he says. "It is not trivial to do this if you are a large ISP."

While AT&T, CenturyLink, Comcast, Cox Communications, and Time Warner Cable all signed onto the code, other Internet service providers are wary of the cost of finding problems with customers' computers and notifying them of the issues. Yet the idea that call centers will be inundated with profit-sapping support calls once customers are notified of infections is wrong, says O'Reirdan.

"The call-back rates of companies that have committed to the Anti-Botnet Code are trivial -- they really are," he says. Moreover, with their financial accounts and other important information online, customers will gravitate toward ISPs that show a dedication to security, argues O'Reirdan, who served as the chairman of the FCC's Communications Security, Reliability and Interoperability Council's (CSRIC) Working Group 7, which developed the code with the industry.

Different countries have tackled anti-botnet coalitions and regulations differently. Japan's Cyber Clean Center, for example, is a collaboration with the government and alerts about 1,400 users a month, of whom 550 are new users and about one-third download cleaning tools, according to January 2011 data from the CCC. In Germany, the government funded the Anti-Botnet Advisory Center, helping ISPs defray the cost of detection and mitigation.

The U.S. Anti-Botnet Code is based on Australia's voluntary i-Code and stresses cooperation between groups to solve the problem of botnets.

"The collaborations go across industry and government because everyone needs to work together to solve the problem," says Kevin McNamee, security architect for Kindsight, a network security firm.

[A project to count bots will provide a much more comprehensive, if not complete, tally of infected systems. See Bots: Stand Up And Be Counted.]

So far there is no evidence that the effort is producing meaningful results. In the third quarter of 2012, for example, 6.5 percent of North American households had malicious software on at least one computer, according to data from Kindsight's latest report. The rate is a slight increase from the 6 percent of households that showed signs of malware infections in the first quarter of the year.

It is likely too early to see any measurable effect, McNamee says. In addition, measuring the prevalence of bots and the impact that the Anti-Botnet Code is having on the relative safety of end users is difficult. Internet providers focus on basic measurements, such as their total customer population, the number of infections, and the number of customers notified.

"Metrics are proving to be quite a problem," says M3AAWG's O'Reirdan. "You have this apple-to-lemons-to-oranges problem. It is very hard to compare like to like."

In many ways, ISPs are back where they were when tackling spam a decade ago. Yet consumers will start to expect similar results: Their broadband providers should create a safe network on which to communicate, he says.

"In a couple of years, an ISP who does not have an anti-bot platform will look as sad as an ISP that does not have an anti-spam platform today," O'Reirdan says.

User Rank: Strategist
12/3/2012 | 10:55:38 PM
re: Anti-Botnet Efforts Still Nascent, But Groups Hopeful
Are there any efforts underway to create the proper/needed metrics?