Building Trust 7 December 2012

Combatting Botnets Through User Notification Across the Ecosystem

Botnets represent a complex problem impacting users, businesses and governments worldwide. Their impact ranges from mere annoyance to significant productivity losses. They are responsible for the daily distribution of billions of unwanted emails, spreading malware and spyware that compromise personal information and the security of the critical infrastructures that support our modern world.

Responding to the threats that botnets present requires a renewed commitment to multistakeholder efforts, through collaboration and data sharing. No single organization can possibly take on this challenge alone. Thus, an ecosystem-wide approach to fighting botnets and malware yields significant benefits. An Antivirus Vendor (ASV) can detect many threats, but only on the systems running their software. An Internet Service Provider (ISP) can detect threats on a network, but that detection is only as good as the ISP’s threat intelligence and monitoring capabilities. A social networking site can detect malware by looking at user behavior, but only malware that targets its own site. A bank can detect fraudulent transactions from zero-day malware that no one else has seen, but only if the malware targets the bank’s organization. By using complementary detection and notification techniques and by sharing data, the ecosystem can address problems more quickly and limit damage to the extent possible.

When combined, these tactics create an integrated model, the OTA Botnet Multi-Stakeholder Ecosystem, in which responsibility is shared between the public and private sectors. The five primary elements include:

  • Prevention – Proactive activities which can reduce the vulnerability of a user’s device
  • Detection – Efforts aimed at identifying threats on a device or network
  • Notification – Steps to inform a user or responsible entity of the issue
  • Remediation – Actions to remove malicious software from compromised devices
  • Recovery – Actions to resolve impact to a user’s identity from theft, account takeover, credit card fraud and related damages resulting from a botnet.

To develop the OTA Botnet Multi-Stakeholder Ecosystem, OTA solicited input from over 100 companies and organizations. Together we investigated collaborative initiatives and opportunities to address the challenges botnets present to the ecosystem. The results of this outreach (through a survey and facilitated telephone interviews) led to an OTA-sponsored, full-day workshop in October 2012, focusing on End-User Notification best practices. These combined efforts and learnings are represented in the paper.
