Botnets threaten the Internet as we know it

Botnets are the biggest threat facing the Internet today and neither education, technology or the police can help, according to experts at the RSA security conference in San Francisco last week.

Ira Winkler, president of the Internet Security Advisors Group, said: "The statistics are basically that we're screwed. There is no real strategy for it. No-one is doing anything."

Winkler said there needs to be a fundamental change in people's attitudes to effectively combat botnets. "It's going to take a lot more than education, technology and law enforcement."

The most effective approach to tackling botnets would be to impose penalties on people who allow their computers to become infected, making users take more responsibility, according to Winkler.

He said: "We need to hold users responsible. ISPs should have a responsibility of making sure users aren't hosting botnets."

The botnet problem is getting worse, with no obvious solution in sight, according to Joe Telafici, vice president of Avert Operation at McAfee.

Telafici said: "The problem today is many orders of magnitude worse [than] last year. If we don't find a way to make it less profitable to do this, it won't go away."

Jordana Siegel, deputy director of outreach and awareness at the National Cyber Security Division of the US Department of Homeland Security, said: "We're seeing a constant increase in malicious code, which includes botnets."

Ronald Teixeira, executive director of the National Cyber Security Alliance, said: "Botnets are, I think, the biggest threat we face on the Internet today. Tackling this is going a long way to limit attacks."

But Matthew Fine, supervisory special agent with the FBI, said the fact that criminals are now going to jail for botnet attacks is a step in the right direction.

"It's sending a message that judges understand this is affecting lives," said Fine.

But more still needs to be done, Fine warned. "I think we're all screaming for help. Hopefully we'll get some updated laws to help us."

• Related stories

• Alerts

Add your opinion

1. What a joke John -- 15/04/08

   Hold users responsible? What a joke. If someone steals your car and drives it through a crowd of people, the car owner isn't responsible.
   Bot nets will always be around. We have to design technology better to handle possible attacks. Routers should automatically detect attacks from computers and block them. If they are blocked near the start of each computer then it wont spread to be a problem to the destination of the attack. ISP's could then alert the user to a possible misuse of their computer system.

   • Reply to comment
   • Reply to story
   • Report offensive content

   1. A joke, or a last resort? Anonymous -- 16/04/08

      That would be fine, but if the computer is only one of a botnet of 10 million (Bigger ones do exist for spam mail etc), then it doesn't need to send much traffic to maintain a DDOS attack a single request once every 10-30 seconds. How is a ISP going to resolve that as an attack and act accordingly.
      
      Its been proven time and time again that building technology to stop them is not an effective solution because it cannot be implemented on enough computers, putting it at an ISP level rapidly slows down the internet, and as soon as an effective measure is implemented someone will crack it.

      • Reply to comment
      • Report offensive content

2. Botnet herding Anonymous -- 17/04/08

   Whilst Linux and OSX are not bullet-proof, moving away from Microsoft operating systems and applications (Internet Explorer, Office, etc) would be a start.
   
   Corporates are well protected its the mum and dads at home that we need to get off MS. They are by far the more common ones to be attacked as they are less likely to use and update a/v and a/s software and firewalls, and they are more likely to visit dodgy or compromised websites.
   
   Doing that would greatly reduce the incidences of botnets.
   
   Hamish

   • Reply to comment
   • Reply to story
   • Report offensive content

   1. why penalize endusers? Anonymous -- 23/04/08

      software is probably the most common commodity that is traded without warranty(e.g. EULA Licensing, etc.)
      If it were like appliance or other services it will have warranty or at least consumers guarantee act.
      But for software its clealy one-sided to the manufacturers favor.
      Why penalize consumers.
      If it is an Automobile without adequate safety features, Do we penalize buyers or manufacturers?
      Have everyone read Bruce Schneier comments
      and Kaspersky!

      • Reply to comment
      • Report offensive content

• Just In

• Most Popular

• Most Discussed

Hot Spot - What's Important

Achieve continuous availability with high performance NonStop blade technology

Looking to buy a printer? Our superguide rates the latest printers and shines a light into the industry.

Download Your Microsoft Unified Communications Fact Pack now.

Microsoft Unified Communications - Take your Self Assessment Today.

Reader Services

Popular Topics

Essentials