Bot-Slaying ISP Hall of Fame
"Botnets" -- large armies of hijacked personal computers that bad guys use for everything from spamming to knocking Web sites offline -- are a constant security threat to business and home users alike. Disabling the online communications channels that cyber criminals use to control these drone armies is no easy feat, as more than a million individual bots are enslaved by virus writers each month. But some Internet service providers (ISPs) do a far better job than others at disrupting these networks, and as such deserve special attention for their efforts.
Enter the folks at Shadowserver.org -- a group of volunteer security junkies who purposefully infect their own computers with new hacker code each day in order to track down and infiltrate botnets and report details to ISPs about the most active and pernicious botnets on their networks. Shadowserver this week launched its "Hall of Fame" page, naming Comcast Corp. and a handful of other ISPs large and small as the most responsive in slaying botnet control channels.
Three of those named, Afraid.org, DynDNS and Dynup.net are what's known as dynamic DNS (DDNS) providers, which allow Internet browsers to find hundreds of small Web sites by name (for example: smallwebsite.com), even though the actual numeric address of the sites can change from day to day. Bot herders have turned that process inside out, using DDNS services to hide their botnets when they jump from server to server (in my Washington Post Magazine story from February, I followed DDNS provider ChangeIP.com's founder, Sam Norris, in his daily efforts to banish bot herders from his service.)
Shadowserver co-founder Andre M. di Mino said the group's criteria were response time, knowledge of the issues, prompt responses, and an eagerness or willingness to work with Shadowserver to resolve the problem. Di Mino said the group decided to create the Hall of Fame "to reward and acknowledge those companies that go the extra mile and reflect a willingness to address and resolve botnet infestations."
Di Mino said the group pondered creating a "Hall of Shame" to call out ISPs who appear to ignore botnets and bot communications and control channels on their networks, but decided against that idea for the time being.
"We believe that the awareness issue still must be addressed. Many of these companies still don't recognize the depth of the problem and how it can affect them and their customers," di Mino said. "We want to raise that awareness and extend the opportunity to work together to better streamline the reporting and resolution process. We also want them to realize that when we report these issues, we're not looking to blame anyone or say that their internal security is flawed and that this never should have happened. ... We just want to make them aware of the problem and work with them toward a resolution."
If you run an ISP and think you should be listed in with the rest of the do-gooders, contact the Shadowserver crew at executiveteam/at/shadowserver.org.
Posted by: fosheezy | July 28, 2006 4:27 PM | Report abuse
Posted by: Ryan1918 | July 29, 2006 2:34 AM | Report abuse
Posted by: Felix Uribe | July 29, 2006 11:46 PM | Report abuse
Posted by: Pete from Arlington | July 31, 2006 10:28 AM | Report abuse
Posted by: SilenZ | August 11, 2006 9:58 PM | Report abuse
The comments to this entry are closed.