Government and botnets

The US government is looking at telling ISPs how to deal with compromised customers and botnets.
They’re a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. Control involves a number of different techniques, but notification has been designed into the system from day 1.

“There is no need for mandated action in this area since the market is already moving forward. Many ISPs are already doing a great deal to combat the menace of bots and malware. All over the U.S., ISPs currently have notification systems in place to tell their users they are infected and — whether they deliver these warnings via email, phone, walled gardens, or inline warnings — the warnings are being delivered,” says Michael O’Reirdan, chairman of the MAAWG. “Other ISPs currently have pilot programs or technology development efforts in place, and there will be more deployments in the near future.”
O’Reirdan says ISPs handled the spam battle on their own, and can also do so for battling bots. It has become a business issue for them, he says. “No one had to mandate anti-spam platforms: ISPs put them in place to deal with the menace of spam because, if they had not, they would have lost customers if customers’ mailboxes were overrun with spam. The same is happening with anti-bot platforms. It is becoming a ‘table stakes’ issue for ISPs, and legislating in this arena will merely lock the response of ISPs in stone to conform with the legislation rather than allow innovation and development to meet the rapidly varying nature of the bot challenge posed by the bad guys,” he says. Kelly Jackson Higgins

The ISPs have taken a leadership position in the area of protecting consumers from botnets. This has been a major discussion point at MAAWG for years. Many ISPs have worked closely with vendors to create detection and notification systems to mitigate and clean botnet infections.

Related Posts

Back from MAAWG

Today is the first day back at work after a productive MAAWG conference.
The thing I get most out of MAAWG is a greater appreciation for what a large, global force messaging is. The recent protests and uprisings around the world have relied on messaging to organize, share information and communicate. Messaging is also somewhat fragile. Thing things that make it great for strangers to interact with one another also allows bad people and organizations to cause harm.
It is a struggle to minimize the harm while not hurting the good.
MAAWG is comprised of the people that make messaging work. These are folks that are on the front lines in the fight to stop online harm. It’s somewhat humbling to watch a conference full of really smart people, from all levels of responsibility, discuss ways to improve messaging for real users and real people while stopping the bad people. There are good ideas and bad ideas, but discussions are professional and informative. Plus it’s always good to see old friends and make new ones.
I inevitably come back from MAAWG with a load of things to do, new projects to take on and new ideas. This time I’m also looking forward to the publication of a document announced at the conference. The EastWest Institute’s Chief Technology Officer Karl Frederick Rauscher talked about a report they will be publishing next month talking about how China and the US are working together to fight spam.

Read More

MAAWG: Just keeps getting better

Last week was the 22nd meeting of the Messaging Anti-Abuse Working Group (MAAWG). While I am prohibited from talking about specifics because of the closed door nature of the group, I can say I came out of the conference exhausted (as usual) and energized (perhaps not as usual).
The folks at MAAWG work hard and play even harder.
I came away from the conference feeling more optimistic about email than I have in quite a while. Not just that email is vital and vibrant but also that the bad guys may not be winning. Multiple sessions focused on botnet and crime mitigation. I was extremely impressed with some of the presenters and with the cooperation they’re getting from various private and public entities.
Overall, this conference helped me to believe that we can at least fight “the bad guys” to a draw.
I’m also impressed with the work the Sender SIG is doing to educate and inform the groups who send bulk commercial messages. With luck, the stack of documents currently being worked on will be published not long after the next MAAWG conference and I can point out all the good parts.
There are a couple specifics I can mention. One is the new list format being published by Spamhaus and SURBL to block phishing domains at the recursive resolver. I blogged about that last Thursday. The other bit is sharing a set of security resources Steve mentioned during his session.
If your organization is fighting with any messaging type abuse (email, social, etc), this is a great place to talk with people who are fighting the same sorts of behaviour. I do encourage everyone to consider joining MAAWG. Not only do you have access to some of the best minds in email, but you have the opportunit to participate in an organization actively making email, and other types of messaging, better for everyone.
(If you can’t sell the idea of a MAAWG membership to your management or you’re not sure if it’s right for you, the MAAWG directors are sometimes open to allowing people whose companies are considering joining MAAWG to attend a conference as a guest. You can contact them through the MAAWG website, or drop me a note and I’ll make sure you talk with the right folks.)
Plus, if you join before October, you can meet up with us in Paris.

Read More

Holomaxx doubles down

Holomaxx has, as expected, filed a motion in opposition to the motion to dismiss filed by both Yahoo (opposition to Yahoo motion and Hotmail (opposition to Microsoft motion). To my mind they still don’t have much of an argument, but seem to believe that they can continue with this.
They are continuing to claim that Microsoft is scanning email before the email gets to Microsoft (or Yahoo) owned hardware.

Read More