Botnets are indeed one of the scourges of the Internet and the government in conjunction with public and private companies want to work together to wipe them out.
The US departments of Commerce and Homeland Security (DHS) today discussed with other federal agencies and information technology-based private-sector leaders the need to create what they called a "a voluntary industry code of conduct to address the detection and mitigation of botnets." Botnets are collections of computers that are secretly infected with malware and then remotely controlled by cybercriminals.
The Center for Strategic and International Studies (CSIS) public policy organization held the meeting to get IT, policy and other leaders to brainstorm ideas about ways to fight the growing problem of botnets, including notification of consumers that their computers have been infected with botnet control software.
In a press release, the CSIS said researchers estimate that about 4 million new botnet infections occur each month. When a computer is infected by a botnet, the computer user's personal information and communications can be monitored and that consumer's computing power and Internet access can be exploited. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks.
More on security: The future of malware
The CSIS meeting included talks by senior officials from the Federal Communications Commission, US Internet Service Provider Association, DHS, National Institute of Standards and Technology and StopBadware.
But the meeting was only one step the government is taking to forge this botnet-fighting partnership.
In Sept., the departments of Commerce and Homeland Security issued public requesting information that could be used to develop "approaches to creating, a voluntary industry code of conduct to address the detection, notification and mitigation of botnets."
In the request, the agencies stated they "are concerned about the potential economic impact of botnets and the problems they cause to computer systems, businesses, and consumers. To address these problems, it is necessary to stop botnets from propagating and to remove or mitigate the malicious software (malware) where installed. Companies and consumers may be able to voluntarily address some of these issues, but to fully address the problem, they will need to work together to clean and better protect computers. This will require voluntary efforts on many fronts, including better standards and procedures to secure systems."
The group also wrote that one strategy that security experts suggest has been successful in stemming the tide of botnets has been for private sector entities to voluntarily and timely detect and notify end-users that their machines have been infected. This voluntary notification has mostly, though not always, come from the user's Internet Service Provider (ISP), which has contact information for the end-user and a pre-existing relationship.
"Once a service provider has detected a likely end-user security problem, it can inform the Internet user of the steps the user can take to address the problem. For example, last year in Australia, the Internet Industry Association in conjunction with the Minister for Broadband, Communications and the Digital Economy launched a voluntary code of practice for Australian ISPs to ensure consistent notification and remediation of consumer computer problems created by botnets. Once notified of a botnet infection, the consumer is sent to a website with information to help clean up his or her computer. Germany and Japan have begun similar efforts. Several U.S. companies seem to be engaged in similar types of practices, though without a code of conduct in place, and standards organizations have been discussing standards for botnet detection."
Other botnet questions the government is looking to address include:
Public comments can be submitted on the Commerce/DHS Federal Register Request for Information until. November 4, 2011. Look here for more information.
Follow Michael Cooney on Twitter: nwwlayer8
Layer 8 Extra
Check out these other hot stories: