Tough questions about botnets

ENISA published a comprehensive study on the botnet threat and how to address it.

The report looks at the reliability of botnet size estimates and makes recommendations for all groups involved in the fight against botnets. Alongside the main report the agency sets out the top 10 key issues for policymakers.

“The botnet numbers define the political agenda and they determine 100’s of millions of Euros of security investments – we should understand what is behind them. Yet, the report concludes that many botnet figures are likely to be inaccurate and even small numbers of bots can cause severe damage. Size is not everything – the number of infected machines alone is an inappropriate measure of the threat,” says Dr. Giles Hogben, the report Editor.

The comprehensive report on how to assess botnet threats and how to neutralise them. It includes:

• A survey and analysis of methods for measuring botnet size and how best to assess the threat posed by botnets to different stakeholders.
• A survey and analysis of botnet countermeasures.
• A comprehensive set of 25 different types of best-practices to attack botnets from all angles: neutralizing existing botnets, preventing new infections and minimizing the profitability of cybercrime using botnets.

The report also emphasises the need for a close international cooperation between governments, technically-oriented, and legislative institutions. “Global cooperation is indispensable for successful defence against botnets,” says Prof. Udo Helmbrecht, the Executive Director of ENISA.

The recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations for different groups involved including:

• The clarification of defensive measures permitted in each member state.
• Measures for encouraging users to keep their computers free of botnets.
• Supporting schemes for notification to infected customers by ISP’s.