We're at War with Botnets - Fighting Back
There are companies that are committed to fighting botnets, such as Symantec and Trend Micro. Symantec makes a product called Norton AntiBot that is aimed at preventing botnets from attacking businesses and ISPs. It also aims to prevent personal computers from being infected with botnets. Norton AntiBot uses heuristics to detect bot actions. In addition, Norton AntiBot, along with other applications, null-routes DNS entries and shuts down IRC and C&C servers.
ISPs have signed up with MAAWG, an organization that is focused on coming up with best practices and investigating new methods for tackling botnets. MAAWG conducted a meeting in February 2009. The meeting also focused on how to educate users about cleaning their computers. The group believed this was essential, because anti-malware software can't detect botnets. The group also believed that it was important for the ISPs to stress that users have the most current security installed on their personal computers. They also stressed the importance of users not downloading files that look suspicious, thus avoiding malware infection. Michael O'Reirdan, chairman of MAAWG, believes that it's crucial that ISPs get aggressive in combating botnets.
One of MAAWG's subcommittees is investigating how Internet Protocol version 6 (IPv6) will affect botnet identification. O'Reirdan stated in SC Magazine, "[IPv6] is a change to the way we will be doing things, and we want to make sure that we are looking at any new ways the spammers and others can use it to make delivery of spam more effective so that we are prepared for possible new attacks."
MAAWG has another subcommittee that is evaluating whether senders of bulk email can detect if the recipients' PCs are infected with botnet malware. If so, the senders can then immediately alert the subscriber's ISP. As a result, the ISP can quarantine the infected PC.
Other entities have been able to detect botnets and remove them from the Internet. For example, the Dutch police discovered a 1.4 million-node botnet and Telenor, a Norwegian Internet Service Provider (ISP), dispersed a 10,000-node botnet. Other large international entities have collaborated to get rid of botnets.
MAAWG
MAAWG, which stands for Messaging Anti-Abuse Working Group, is focused on combating botnets. It is based in San Francisco, California, and consists of many well-known Internet Service Providers (ISPs). Some of the members include AOL, AT&T, Comcast, Verizon, and Yahoo.
MAAWG strives to help messaging companies collaborate and tackle issues that affect the messaging industry, including virus attacks, denial-of-service attacks, messaging spam, and other attacks. MAAWG is creating the following three categories that will help to combat these abuses: Collaboration, Technology, and Public Policy.
ISPs, web service providers, and domain registrars, along with businesses and individuals, must all be accountable in order to eradicate botnets. Each party has a vital interest. If none of these entities takes action, the Internet and other networks will consist of nothing more than zombie computers.