European agency warns of botnet dangers

The private sector and governments need to have a more coordinated response

The battle against groups of hacked computers known as botnets is suffering from a lack of coordination, resulting in a cybercrime industry worth more than US$10 billion worldwide annually, according to a report from a European Union security agency.

Although many researchers, security companies and governments are actively investigating botnets, there are still deficiencies in international cooperation, national laws and information sharing that have allowed botnet controllers to build robust networks, according to the report from the European Network and Information Security Agency.

"A shift in the motivation for the creation of malicious software has led to a financially oriented underground economy of criminals acting in cyberspace," wrote ENISA, which studies European information security issues.

Computers become infected with botnet code via software vulnerabilities or other methods of attack, such as malicious e-mail attachments. Once a machine is infected, it can then be used without its owner's knowledge for spamming, distributed denial-of-service attacks or other nefarious purposes.

The code used to infected the machines is often very robust, escaping detection from antivirus software. Those who control the herds of machines use many methods to stay anonymous, making it harder for security analysts and law enforcement to trace, although not impossible.

ENISA recommends providing incentives for key players who can intervene, such as ISPs. In Germany, a government-funded program helps ISPs put in place technology to identify subscribers whose computers appear to be infected and to take steps to clean them, said Giles Hogben, an expert program manager for security applications and service for ENISA.

"In the end, it's not just your machine that suffers," Hogben said. "You have a kind of social responsibility to keep your computer clean because it affects other people as well."

The ISP business is typically low margin, so many have not spent the money on systems to remediate infected computers.

ENISA is also advocating more uniform cybercrime laws, which benefit nations seeking to cooperate and hand over cases to other jurisdictions. The only international treaty covering cybercrime is the 2001 Convention on Cybercrime, which is gradually gaining more ratification. The treaty requires changes to national laws and offers guidance on how nations can conform.

Those running botnets have been prosecuted, but that has been far from a consistent deterrent. "It's a typical researchers versus bad guys battle," Hogben said. "You have to make it more scary for the bad guys so they are really more likely to get prosecuted."

The scale of the botnet problem has also been difficult to quantify due to the security industry's tendency to under and overestimate the number of infected machines, with media typically defaulting to the larger estimates. Counting IP (Internet Protocol) addresses is not necessarily accurate due to dynamic IP address assignment.

Whether a botnet is small or large doesn't necessarily dictate its effectiveness. A fairly small botnet can exact an effective attack. The attack executed against Visa by the group Anonymous earlier this year involved less than 1,000 computers, according to one estimate, Hogben said.

"Size isn't everything," Hogben said. "Even if you did know the number, it wouldn't tell you much."

Send news tips and comments to jeremy_kirk@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwaredata protectiondata breachantivirusExploits / vulnerabilitiesEuropean Network and Information Security Agency

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?