50 ISPs harbor half of all infected machines worldwide
Posted on 16.11.2010
As the classic method of combating botnets by taking down command and control centers has proven pretty much ineffective in the long run, there has been lots of talk lately about new stratagems that could bring about the desired result.

A group of researchers from the Delft University of Technology and Michigan State University have recently released an analysis of the role that ISPs could play in botnet mitigation - an analysis that led to interesting conclusions.

The widely held assumption that the availability of high-speed broadband connections is linked to widespread botnet infection in a country has been proven false.

The examination of some 190 billion spam messages from 170 million unique IP addresses captured between 2005 and 2009 led the researchers to conclude that the presence of piracy is a much more accurate indicator of the botnet infection rates tied to a specific country, and that higher education levels in a country are also conducive to a lower level of infection.

Another interesting result of this analysis is that ISPs of similar size located in the same country can have drastically different infection rates among their users, leading the researchers to conclude that some ISPs have adopted more effective practices against infection than others.

"The networks of just 50 ISPs account for around half of all infected machines worldwide," say the researchers. "This is remarkable, in light of the tens of thousands of entities that can be attributed to the class of ISPs. The bulk of the infected machines are not located in the networks of obscure or rogue ISPs, but in those of established, well-known ISPs."

That means that persuading just these 50 ISPs to begin implementing new, more efficient approaches for preventing and eradicating the infection could make a big dent in the botnet market.

"If the 50 ISPs we identified would ramp up their efforts, the problem might migrate elsewhere," say the researchers. "However, it is much more difficult to migrate a network of millions of infected machines than to migrate the C&C servers or other ancillary services."






COPYRIGHT 1998-2014 BY HELP NET SECURITY.