Government Proposes ISP's Notify Victims of Botnets

Tuesday, October 04, 2011



The Department of Homeland Security and the Department of Commerce are seeking public and industry input through a Request for Information on a proposal to incentivize Internet Service Providers (ISP's) to notify consumers if they have been the victims of botnet infections.

The proposal would establish a voluntary Code of Conduct for ISP's as outlined in a Commerce Department Green Paper that examined facilitation of public/private cooperation enlisting multiple stakeholders.

"While security risks on the Internet exist in many areas, one current widely exploited threat comes from `botnets.' Through this Request for Information and any follow-on work, the two Departments aim to reduce the harm that botnets inflict on the nation's computing environment," an announcement in the Federal Register states.

Botnets are networks of computers used without the owner’s knowledge for cybercrime activities, such as spamming and or for politically or economically motivated distributed denial of service (DDoS) attacks.

"Over the past several years, botnets have increasingly put computer owners at risk. A botnet infection can lead to the monitoring of a consumer's personal information and communication, and exploitation of that consumer's computing power and Internet access. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks. The Departments seek public comment from all Internet stakeholders, including the commercial, academic, and civil society sectors, on potential models for detection, notification, prevention, and mitigation of botnets' illicit use of computer equipment," the announcement explains.

The proposal seems to make perfect sense. ISP's are in the unique position to detect large-scale botnet activity, to interrupt command and control server networks, to identify victims whose machines are potentially infected with botnet malware, and to notify those users along with providing mitigation mechanisms to quell the infection.

"One strategy that security experts suggest has been successful in stemming the tide of botnets has been for private sector entities to voluntarily and timely detect and notify end-users that their machines have been infected. This voluntary notification has mostly, though not always, come from the user's Internet Service Provider (ISP), which has contact information for the end-user and a pre-existing relationship. Once a service provider has detected a likely end-user security problem, it can inform the Internet user of the steps the user can take to address the problem," the announcement states.

The proposal is in its infancy, and currently the agencies are merely seeking input on the overall design as well as logistical aspects of setting up such a voluntary system.

Several strategies have been identified in the Request for Information announcement, including:

  • A. Private-Sector Run and Supported—Under this scenario, the private sector would create, run, and fund a resource center to inform and educate consumers who have been notified that their equipment may be infected by a botnet. This service could be run by a new or existing non-profit or for-profit entity depending on the needs and the model created.Show citation box
  • B. Public/Private Partnership—Under this scenario, the government and private sector would work together to create a resource to inform and educate consumers who have been notified that their equipment may be infected by a botnet. These services could be provided through a non-profit or quasi-governmental entity depending on the needs and the model created.Show citation box
  • C. Government Run and Supported—Under this scenario, the government would create a centralized resource to inform and educate consumers who have been notified that their equipment may be infected by a botnet. These centralized services would be provided by a government agency with some substantive input from the private sector, perhaps through a Federal Advisory Committee.

Comments on the proposed Code of Conduct and botnet reporting initiative are due on or before 5 p.m. EDT, November 4, 2011.

Written comments on the proposal may be submitted by mail to the National Institute of Standards and Technology at the U.S. Department of Commerce, 1401 Constitution Avenue, NW., Room 4822, Washington, DC 20230. Submissions may be in any of the following formats: HTML, ASCII, Word, rtf, or pdf.

Online comment submissions in electronic form may be sent to Paper submissions should include a compact disc (CD). CDs should be labeled with the name and organizational affiliation of the filer and the name of the word processing program used to create the document. Comments will be posted at

A list of questions are included in the Request for Information, and can be accessed at the source link below:


Possibly Related Articles:
Viruses & Malware
malware Botnets Government Headlines DHS ISP Commerce Department Code of Conduct Request for Information Notification
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.