The Botnet Challenge: by CDT Via Comcast Voices | The Official Comcast Blog.

Editor's Note: Our thanks to Leslie Harris, President and CEO, Center for Democracy & Technology, for writing this guest blog post about botnets.

Botnets are armies of computers that criminals have infected with malicious software so they can control them to remotely to steal information, launch denial-of-service attacks, spread malware and host illegal content. Botnets are one of the most serious threats to Internet security today. They have compromised untold millions of computers – and even DSL routers – worldwide. The Conficker worm alone has infected up to 15 million consumer, business and government computers into a massive botnet in a little over two years.

Botnet armies are built on the computers of regular Internet users who have no idea that their PCs have been compromised and are being used for malicious purposes. In fact, botnets depend on users’ ignorance in order to stay operational. At the same time, the spam, phishing, and denial-of-service attacks that botnets perpetrate may have little or no impact on the compromised users or their ISPs, while wreaking havoc on faraway users connected to entirely different networks.

Botnets take a huge toll on businesses and individuals alike. Botnets were responsible for some 88 percent of spam emails in 2009, according to a MessageLabs report, with more than 23 percent of all global spam originating from a single botnet known as “Grum.” Bots were also behind a sizable portion of the 11 million identity thefts in 2009, at a global business cost of more than $220 billion. Less than two weeks ago, security vendors discovered that the Kneber bot had infected at least 75,000 computers at 2,500 companies and government agencies worldwide, collecting login credentials for financial services websites.

The problem is getting worse as online criminal gangs use increasingly sophisticated methods to shield their botnets from detection and disruption. Many botnets update themselves frequently to avoid detection by security software. Others hide malware sites by continually switching compromised proxy hosts. Some recent botnets can even detect attempts to study them online, and then react by directing denial-of-service attacks at the observer.

It is not always clear who has the responsibility and the incentive to clean up botnets so too often they operate unimpeded. In recent months, Comcast has taken on some of that responsibility through its Constant Guard program by proactively alerting and helping its subscribers when their computers have been turned into spam-spewing zombies.

[...]

CDT is actively involved in looking at the question of best practices for ISPs to follow in identifying botnets on their networks and communicating with their customers about compromised computers. CDT’s John Morris is a member of the Federal Communications Commission’s Communications Security, Reliability and Interoperability Council (CSRIC), and is Co-Chair of CSRIC’s ISP Network Protection Practices Working Group working on these issues. A number of leading ISPs, including Comcast, are participating in the working group.

Reducing the threat of botnets requires action from many parties, including ISPs, law enforcement, and end users. While service providers and law enforcement should continue to go after cybercriminal gangs and their nefarious domains, other service providers should follow Comcast’s lead and reach out to end users, not just by making educational resources available, but through direct contact to infected subscribers for free. If users heed such direct warnings and take the time to clean out their systems, this dual strategy – attacking the heads and the limbs of the zombie masters – will make significant progress in ridding the Internet of these pests.

Read Original Article:(by CDT Via Comcast Voices | The Official Comcast Blog.)