Dark Reading is part of the Informa Tech Division of Informa PLC


Anti-Botnet Efforts Still Nascent, But Groups Hopeful

Seven months after a government-industry coalition announced recommendations for ISPs to fight botnets, success is still a long way off

Seven months after a coalition of government and industry organizations announced a set of voluntary guidelines to help Internet service providers clean their broadband networks of malware, the effort has yet to produce measurable results.

Known as the U.S. Anti-Bot Code of Conduct for Internet Service Providers, or "ABCs for ISPs," the voluntary guidelines call for service providers to educate consumers, detect botnet activity on their networks, notify users of infected systems, help remediate threats, and collaborate with other businesses. Five major ISPs publicly agreed to the Anti-Botnet Code when it was launched by the U.S. Federal Communications Commission (FCC) in March, but gaining new adherents and measuring the success of the efforts have been hard, says Michael O'Reirdan, co-chairman of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), an industry group focused on finding solutions to online threats.

"We've had to have a little prod to get going," he says. "It is not trivial to do this if you are a large ISP."

While AT&T, CenturyLink, Comcast, Cox Communications, and Time Warner Cable all signed onto the code, other Internet service providers are wary of the cost of finding problems with customers' computers and notifying them of the issues. Yet the idea that call centers will be inundated with profit-sapping support calls once customers are notified of infections is wrong, says O'Reirdan.

"The call-back rates of companies that have committed to the Anti-Botnet Code are trivial -- they really are," he says. Moreover, with their financial accounts and other important information online, customers will gravitate toward ISPs that show a dedication to security, argues O'Reirdan, who served as the chairman of the FCC's Communications Security, Reliability and Interoperability Council's (CSRIC) Working Group 7, which developed the code with the industry.

Different countries have tackled anti-botnet coalitions and regulations differently. Japan's Cyber Clean Center, for example, is a collaboration with the government and alerts about 1,400 users a month, of whom 550 are new users and about one-third download cleaning tools, according to January 2011 data from the CCC. In Germany, the government funded the Anti-Botnet Advisory Center, helping ISPs defray the cost of detection and mitigation.

The U.S. Anti-Botnet Code is based on Australia's voluntary i-Code and stresses cooperation between groups to solve the problem of botnets.

"The collaborations go across industry and government because everyone needs to work together to solve the problem," says Kevin McNamee, security architect for Kindsight, a network security firm.

[A project to count bots will provide a much more comprehensive, if not complete, tally of infected systems. See Bots: Stand Up And Be Counted.]

So far there is no evidence that the effort is producing meaningful results. In the third quarter of 2012, for example, 6.5 percent of North American households had malicious software on at least one computer, according to data from Kindsight's latest report. The rate is a slight increase from the 6 percent of households that showed signs of malware infections in the first quarter of the year.

It is likely too early to see any measurable effect, McNamee says. In addition, measuring the prevalence of bots and the impact that the Anti-Botnet Code is having on the relative safety of end users is difficult. Internet providers focus on basic measurements, such as their total customer population, the number of infections, and the number of customers notified.

"Metrics are proving to be quite a problem," says M3AAWG's O'Reirdan. "You have this apple-to-lemons-to-oranges problem. It is very hard to compare like to like."

In many ways, ISPs are back where they were when tackling spam a decade ago. Yet consumers will start to expect similar results: Their broadband providers should create a safe network on which to communicate, he says.

"In a couple of years, an ISP who does not have an anti-bot platform will look as sad as an ISP that does not have an anti-spam platform today," O'Reirdan says.

12/3/2012 | 10:55:38 PM
re: Anti-Botnet Efforts Still Nascent, But Groups Hopeful
Are there any efforts underway to create the proper/needed metrics?