What is to be done when botnet takedowns don’t produce lasting benefits?
At the Telecommunications Policy and Research Conference in Arlington, VA
in September, I gave a paper about
Rustock Botnet and ASNs.
Most of the paper is about effects of a specific takedown (March 2011)
and a specific slowdown (December 2010) on specific botnets
(Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom’s AS 4766,
India’s National Internet Backbone’s AS 9829, and many others).
The detailed drilldowns also motivate a higher-level policy discussion.
Knock one down, two more pop up: Whack-a-mole is fun, but not a
solution. Need many more takedowns, or many more organizations
playing. How do we get orgs to do that? …
Two ASNs had big spurts of spam in September.
iWeb’s AS 32613 got to second place in the last two weeks of the month.
As in August, IPWorld’s AS 19875 did one big spam spew,
but this time it almost doubled its closest competitor,
breaking 100,000 messages!
What is making Canada suddenly attractive to spammers?
Stop-eCrime aims to reduce electronic crime by increasing transparency
of information and communications technologies.
Born out of 2010 meetings organized by the Anti-Phishing Working Group
and the IEEE Standards Association,
Stop-eCrime has already been
working on ecrime event data exchange standards and protocols, as well
as operational protocols for dealing with computers compromised by ecrime.
Now Stop-eCrime wants you to help tie these technical and operational
levels together into an ecrime detection and response system
coordinated among the public, business, academia, and government.
There’s plenty of work to be done on technical standards and
operational protocols (such as glossaries, metrics, and monetary
effects), plus Stop-eCrime needs educational materials and marketing
to explain incentives for everyone to participate in reducing ecrime.