European agency warns of botnet dangers

The private sector and governments need to have a more coordinated response

The battle against groups of hacked computers known as botnets is suffering from a lack of coordination, resulting in a cybercrime industry worth more than US$10 billion worldwide annually, according to a report from a European Union security agency.

Although many researchers, security companies and governments are actively investigating botnets, there are still deficiencies in international cooperation, national laws and information sharing that have allowed botnet controllers to build robust networks, according to the report from the European Network and Information Security Agency.

"A shift in the motivation for the creation of malicious software has led to a financially oriented underground economy of criminals acting in cyberspace," wrote ENISA, which studies European information security issues.

Computers become infected with botnet code via software vulnerabilities or other methods of attack, such as malicious e-mail attachments. Once a machine is infected, it can then be used without its owner's knowledge for spamming, distributed denial-of-service attacks or other nefarious purposes.

The code used to infected the machines is often very robust, escaping detection from antivirus software. Those who control the herds of machines use many methods to stay anonymous, making it harder for security analysts and law enforcement to trace, although not impossible.

ENISA recommends providing incentives for key players who can intervene, such as ISPs. In Germany, a government-funded program helps ISPs put in place technology to identify subscribers whose computers appear to be infected and to take steps to clean them, said Giles Hogben, an expert program manager for security applications and service for ENISA.

"In the end, it's not just your machine that suffers," Hogben said. "You have a kind of social responsibility to keep your computer clean because it affects other people as well."

The ISP business is typically low margin, so many have not spent the money on systems to remediate infected computers.

ENISA is also advocating more uniform cybercrime laws, which benefit nations seeking to cooperate and hand over cases to other jurisdictions. The only international treaty covering cybercrime is the 2001 Convention on Cybercrime, which is gradually gaining more ratification. The treaty requires changes to national laws and offers guidance on how nations can conform.

Those running botnets have been prosecuted, but that has been far from a consistent deterrent. "It's a typical researchers versus bad guys battle," Hogben said. "You have to make it more scary for the bad guys so they are really more likely to get prosecuted."

The scale of the botnet problem has also been difficult to quantify due to the security industry's tendency to under and overestimate the number of infected machines, with media typically defaulting to the larger estimates. Counting IP (Internet Protocol) addresses is not necessarily accurate due to dynamic IP address assignment.

Whether a botnet is small or large doesn't necessarily dictate its effectiveness. A fairly small botnet can exact an effective attack. The attack executed against Visa by the group Anonymous earlier this year involved less than 1,000 computers, according to one estimate, Hogben said.

"Size isn't everything," Hogben said. "Even if you did know the number, it wouldn't tell you much."

Send news tips and comments to jeremy_kirk@idg.com

Tags European Network and Information Security Agencysecuritydata breachdata protectionExploits / vulnerabilitiesantivirusmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?