Mass-scale cleansing of co-opted computing devices

Cyber criminals are infecting innocent victims’ computing devices with crimeware at an alarming rate and with enormous costs.

Technology solutions alone have not worked to rid the Internet of the danger of infected desktop computers and mobile devices to deny computing resources to criminal enterprises.

Complimenting advanced security technology, empowering users with facile tools, knowledge and further education is vital for a formulated defense.

By analyzing the discovery and remediation methods from four entities – National CERT, NGOs, Trade Associations, and ISPs – a new APWG report examines proven approaches which can be replicated with highly effective results, coupled with minimal deployment cost and end-user effort.

“The four organization profiled are examples of those that have provided working models that can be readily emulated by enterprises interested in providing structured interventions for neutralizing malware and botnets,” said April Lorenzen, APWG Research Fellow and director of Dissect Cyber.

“Each has sought to empower users with solutions for cleaning up their machines while providing education about how to prevent additional infection. This approach aids in removing computer cycles from criminal control and making the larger networked community more resilient against all types of attacks,” Lorenzen added.

National CERT – Started in 2006, the Cyber Clean Center project provides ISPs with proprietary data to help them identify infected customers. Initially started with eight large ISPs is 2006, the CCC quickly grew to what is now 72 participating ISPs.

NGO – In 2010, the iCode initiative began in Australia. The aims of iCode are centered around four cyber security principles of Education, Detection, Action and Reporting. Today over 90% of Australia’s Internet users are served by an iCode compliant ISP.

Trade Association – In 2010 the Anti Botnet Advisory Center (ABAC) began operations in Germany. ABAC is unique in that it offers telephone support where users can be talked through solving their infection problems where possible. Additionally, ABAC distributes a bootable CD which can automatically clean the infected users computer.

Commercial ISPs – ISPs have also started programs to detect, notify, and help customers sanitize infected computers. In the United States, AT&T, Cox, Sprint, Time Warner Cable, Verizon, CenturyLink and Comcast either have a working program or have pledged to create one.

Each of these profiled programs has seen major success in the two-tier approach that helps users clean up infected machines while providing all necessary education.