Ten to 25 percent of broadband networks are likely infected by bots, and bots cause 90 percent of spam, according to the Messaging Anti-Abuse Working Group (MAAWG), a coalition of security companies, bandwidth providers, and other interested parties.
MAAWG has issued a report on the problem, along with advice for IT managers, titled “Messaging Anti-Abuse Working Group Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks” (available in .PDF format). It details best practices for ISPs dealing with the issue and lists software for handling bot infections.
“ISPs have expressed concern about the problem,” Michael O’Reirdan, MAAWG chairman, told InternetNews.com. “After all, the bot economy is about ripping people off. Enterprise IT should be as worried about the problem as anyone else. Enterprises have PCs that wander around the planet, aren’t always patched, and travel between home and work.”
There is a lot of evidence that there are bots on corporate networks, he added. “Corporate networks are especially valuable to criminals because they host valuable treasury or bank transactions.”
Bot police best practices
The recommendations in the MAAWG report will be familiar to IT managers and include the Microsoft Windows Malicious Software Removal Tool, several online anti-virus scanners, and various applications that specialize in finding rootkits, spyware, adware, and bots.
Large enterprises are likely to know what to do about the issue, but smaller IT operations might benefit from the report, which is written for ISPs of all sizes, O’Reirdan said.
“This is not a guarantee,” said O’Reirdan. “There is no magic incantation that will work against all bots.”
He said that every IT manager should focus on the basics, such as patching, and should reinstall the operating system and patches from behind the firewall in the event of an infection. “IT managers should know this already,” he added.
“But please don’t think you’re immune because you have a firewall,” O’Reirdan said. He pointed to an attack in February in Fargo, N.D., in which a bad URL was distributed through flyers masquerading as parking tickets. A SANS advisory warned that the URL on the flyers led to an attack on the user’s browser through an infectious image and then to the download of scareware.
“Attacks can be low-tech and subtle,” O’Reirdan warned.