50 ISPs harbor half of all infected machines worldwide
Posted on 16.11.2010
As the classic method of combating botnets by taking down command and control centers has proven pretty much ineffective in the long run, there has been lots of talk lately about new stratagems that could bring about the desired result.

A group of researchers from the Delft University of Technology and Michigan State University have recently released an analysis of the role that ISPs could play in botnet mitigation - an analysis that led to interesting conclusions.

The widely held assumption that the presence of high-speed broadband connections is linked to widespread botnet infection in a country has been proven false.

The examination of some 190 billion spam messages from 170 million unique IP addresses captured between 2005 and 2009 led the researchers to conclude that the presence of piracy is a much more accurate indicator of the botnet infection rates tied to a specific country, and that higher education levels in a country are also conducive to a lower level of infection.

Another interesting result of this analysis is that ISPs of similar size located in the same country can have drastically different infection rates among their users, leading the researchers to conclude that some ISPs have adopted more effective practices against infection than others.

"The networks of just 50 ISPs account for around half of all infected machines worldwide," say the researchers. "This is remarkable, in light of the tens of thousands of entities that can be attributed to the class of ISPs. The bulk of the infected machines are not located in the networks of obscure or rogue ISPs, but in those of established, well-known ISPs."

That means that persuading just these 50 ISPs to begin implementing new, more efficient approaches for preventing and eradicating the infection could make a big dent in the botnet market.

"If the 50 ISPs we identified would ramp up their efforts, the problem might migrate elsewhere," say the researchers. "However, it is much more difficult to migrate a network of millions of infected machines than to migrate the C&C servers or other ancillary services."






Copyright 1998-2014 by Help Net Security.