Topic: Tech industry group battles botnets

[Samker]

Several ISPs and Internet companies will meet in San Francisco early next year to adopt a common strategy for combating botnets, the remotely controlled networks that are used to carry out distributed denial-of-service attacks and massive spam campaigns.

During their general meeting next February, members of the Messaging Anti-Abuse Working Group (MAAWG), formed in 2004, will discuss ways to mitigate and neutralize botnets, which increasingly have become a preferred method of attack for spammers and hackers looking to conduct DDoS attacks. Botnets generally comprise thousands of malware-infected zombie computers that are controlled remotely by a host to carry out a wide array of seemingly untraceable attacks. Botnets often are difficult to shut down because users of infected machines many times have no idea their machines are being used as part of a malicious network.

MAAWG, whose members include such major players as Comcast, Yahoo, AT&T, Verizon and AOL, is aiming to emerge from its meeting next year with at least a rough outline of best practices for fighting back against botnets.  The meeting will evaluate how to deal with the infected machines themselves, as well as how to teach uneducated users to clean their machines so they're no longer threats to network security, says MAAWG chairman Michael O'Reirdan. User education is critical because antimalware systems usually aren't able to detect which machines have been infected with malware until long after the malware has spread to a significant number of computers, he says.

"We'll be trying to answer some key questions during the meeting," O'Reirdan says. "For instance, should we be recommending that ISPs heavily subsidize antivirus and firewall software? Should there be a more firm posture on behalf of ISPs to say, we don't want you to come onto our network if you haven't got antivirus or firewall?"

ISPs should be actively engaging their users to make sure they have the latest security updates installed and they know how to avoid downloading suspicious files onto their computers that could lead to malware infections, says MAAWG executive director Jerry Upton.

"As an ISP, one step should be to notify users first about the risks," Upton says. "The best practices should all revolve around how to make it easier for users to know that they have a problem, and to make it easy for users to get it fixed."

At MAAWG's previous meeting in September, the group created a botnet-mitigation subcommittee dedicated to developing a set of best practices for ISPs to combat botnets. The group also formed a committee to examine how switching to IPv6 could affect ISPs' ability to detect and thwart botnet attacks.

(NetworkWorld)