Network News

X My Profile
View More Activity

Bot-Slaying ISP Hall of Fame

"Botnets" -- large armies of hijacked personal computers that bad guys use for everything from spamming to knocking Web sites offline -- are a constant security threat to business and home users alike. Disabling the online communications channels that cyber criminals use to control these drone armies is no easy feat, as more than a million individual bots are enslaved by virus writers each month. But some Internet service providers (ISPs) do a far better job than others at disrupting these networks, and as such deserve special attention for their efforts.

Enter the folks at Shadowserver.org -- a group of volunteer security junkies who purposefully infect their own computers with new hacker code each day in order to track down and infiltrate botnets and report details to ISPs about the most active and pernicious botnets on their networks. Shadowserver this week launched its "Hall of Fame" page, naming Comcast Corp. and a handful of other ISPs large and small as the most responsive in slaying botnet control channels.

Three of those named, Afraid.org, DynDNS and Dynup.net are what's known as dynamic DNS (DDNS) providers, which allow Internet browsers to find hundreds of small Web sites by name (for example: smallwebsite.com), even though the actual numeric address of the sites can change from day to day. Bot herders have turned that process inside out, using DDNS services to hide their botnets when they jump from server to server (in my Washington Post Magazine story from February, I followed DDNS provider ChangeIP.com's founder, Sam Norris, in his daily efforts to banish bot herders from his service.)

Also included in the Hall of Fame are 100free.com, GloboTech Communications and Peer 1 Dedicated Hosting.

Shadowserver co-founder Andre M. di Mino said the group's criteria were response time, knowledge of the issues, prompt responses, and an eagerness or willingness to work with Shadowserver to resolve the problem. Di Mino said the group decided to create the Hall of Fame "to reward and acknowledge those companies that go the extra mile and reflect a willingness to address and resolve botnet infestations."

Di Mino said the group pondered creating a "Hall of Shame" to call out ISPs who appear to ignore botnets and bot communications and control channels on their networks, but decided against that idea for the time being.

"We believe that the awareness issue still must be addressed. Many of these companies still don't recognize the depth of the problem and how it can affect them and their customers," di Mino said. "We want to raise that awareness and extend the opportunity to work together to better streamline the reporting and resolution process. We also want them to realize that when we report these issues, we're not looking to blame anyone or say that their internal security is flawed and that this never should have happened. ... We just want to make them aware of the problem and work with them toward a resolution."

If you run an ISP and think you should be listed in with the rest of the do-gooders, contact the Shadowserver crew at executiveteam/at/shadowserver.org.

By Brian Krebs  |  July 28, 2006; 3:25 PM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft to Push Out IE7 as High Priority Update
Next: Faulty Update Stymies Norton Users

Comments

the bad ones? pahha... everyone knows them already...

staminus - don't believe the hype.. they are teh evil

sagonet - herders haven

webhostplus - plus botnet hosting...

dns2go - to go to botnets

justedge - change the name to justbotnets

s.korea, china, italy - good food, poor response to botnets

Posted by: fosheezy | July 28, 2006 4:27 PM | Report abuse

If you would like to know more information on how bots, and them types of things work visit my website at http://www.ryan1918.net Pretty big community including a honeypot section just like the site mention but my site has been around this scence for at least 6 years, currently I started my website back up agian 8 months ago, with over 30,000 posts and over 3,000 registered members the site is growing daily!

Posted by: Ryan1918 | July 29, 2006 2:34 AM | Report abuse

For all of you interested in obtain a really good conmputer and information security website, visit http://www.uribe100.com.

Website recognized by NIST.

Thanks!

Posted by: Felix Uribe | July 29, 2006 11:46 PM | Report abuse

Hall of Shame? Heck, Yeah!
The same paradigm is at work... praise the good, expose the bad. Positively reinforce the goodies, and encourage the slow to improve.

Posted by: Pete from Arlington | July 31, 2006 10:28 AM | Report abuse

If you would like to know more information on how bots, and them types of things work visit my website at http://www.ryan1918.net Pretty big community including a honeypot section just like the site mention but my site has been around this scence for at least 6 years, currently I started my website back up agian 8 months ago, with over 30,000 posts and over 3,000 registered members the site is growing daily!

^ ryan is right. his site probally has the most information on the botnet scene anywhere on the internet, from a perspecive of the hackers themselves.

Posted by: SilenZ | August 11, 2006 9:58 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company