Over the past few years, botnets have become an exceptionally egregious security issue for businesses and home computer users alike. It’s terribly difficult to know when a user’s PC has been usurped for a botnet, and it can be even harder to remove the computer from the unwanted network.
By some accounts, more than 10% of U.S. computers are enlisted in a botnet. Such networks can be used for sending spam, distributing malware, launching distributed denial-of-service attacks, eavesdropping on network traffic, stealing user passwords and performing other nefarious activities.
The U.S. federal government has taken steps toward reducing the likelihood of users’ computers being recruited into botnet servitude. The FCC’s Communications Security, Reliability and Interoperability Council (CSRIC) advisory group on botnet remediation has approved the U.S. Anti-Bot Code of Conduct, which tasks Internet service providers (ISPs) with implementing five steps to protect customers and the Internet from zombie computers. Known as “the ABCs for ISPs,” the steps focus on residential computer users and cover the areas of education, detection, notification, remediation and collaboration.
Initially, the efforts should help about 23 million of the 81 million U.S. households that have broadband service from the ISPs that have already voluntarily adopted the Anti-Bot Code of Conduct. To participate in this code, an ISP is required to take meaningful action in at least one of the following areas:
- Education: An activity intended to help increase end-user understanding and awareness of botnet issues and how to help prevent bot infections;
- Detection: Efforts to identify botnet activity in the ISP’s network or enable end users to self-determine potential bot infections on their end-user devices;
- Notification: Notifying customers of suspected bot infections or enabling customers to determine if they may be infected by a bot;
- Remediation: Informing end users about how they can remediate bot infections, or assisting end users in remediating bot infections;
- Collaboration: Sharing feedback and experience learned from Code of Conduct-related activities with other ISPs.
The working group that drafted the Code of Conduct reads like a “Who’s Who” of key Internet players: AT&T, PayPal, Time Warner Cable, Sprint, Comcast, SANS Institute, Verizon, Microsoft and a number of other companies and government agencies. Hopefully, they will have the influence to expand the number of participating ISPs. After all, botnets are a serious threat to the vitality and resiliency of the Internet and to the online economy.
Keeping a consumer’s computer bot-free is also beneficial to the ISP. Some ISPs that participated in the Code development process and had previously implemented some aspects of the Code have benefited from lower call volumes to help desks from customers with infected machines; reduced upstream bandwidth consumption by denial-of-service attacks and spam; increased customer goodwill and lower customer churn; and a reduction in spam-related complaints from other ISPs.
This plan is good news and a good first step. Let’s hope that every ISP in the country fully adopts the Code of Conduct and is proactive about all five steps. I recognize that it can be difficult at times to protect end users from their own ignorance, but this is a step in the right direction. Keeping computers off the botnets and out of the control of cyber criminals and malcontents will help us all.