Monthly Archives: October 2011

How to leverage botnet takedowns

What is to be done when botnet takedowns don’t produce lasting benefits?

At the Telecommunications Policy and Research Conference in Arlington, VA in September, I gave a paper about Rustock Botnet and ASNs. Most of the paper is about effects of a specific takedown (March 2011) and a specific slowdown (December 2010) on specific botnets (Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom’s AS 4766, India’s National Internet Backbone’s AS 9829, and many others).

The detailed drilldowns also motivate a higher level policy discussion.

Knock one down, two more pop up: Whack-a-mole is fun, but not a solution. Need many more takedowns, oor many more organizations playing. How do we get orgs to do that? …
There is extensive theoretical literature that indicates Continue reading

Upset in Canadian spam rankings: Canaca took first, Bell Canada down to fifth!

Canaca-com’s AS 33139 CANACA-210 rose from sixth place in August to first in September in for Canada from CBL data. Long-time winner Bell Canada’s AS 577 BACOM fell from first to fifth.

Two ASNs had big spurts of spam in September. iWeb’s AS 32613 got to second place in the last two weeks of the month. Like in August, IPWorld’s AS 19875 did one big spam spew, but this time it almost doubled its closest competitor, breaking 100,000 messages!

What is making Canada suddenly attractive to spammers?


You can help Stop-eCrime

Stop-eCrime aims to reduce electronic crime by increasing transparency of information and communications technologies.

Born out of 2010 meetings organized by the Anti-Phishing Working Group and the IEEE Standards Association, Stop-eCrime has already been working on ecrime event data exchange standards and protocols, as well as operational protocols for dealing with computers compromised by ecrime.

Now Stop-eCrime wants you to help tie these technical and operational levels together into an ecrime detection and response system coordinated among the public, business, academia, and government. There’s plenty of work to be done on technical standards and operational protocols (such as glossaries, metrics, and monetary effects), plus Stop-eCrime needs educational materials and marketing to explain incentives for everyone to participate in reducing ecrime.

Here are the details.

If you want to help, or if you have questions, contact:
Chair: Paul Laudanski <>