FRAMINGHAM 8 MARCH 2011 - The battle against groups of hacked computers known as botnets is suffering from a lack of coordination, resulting in a cybercrime industry worth more than $10 billion worldwide annually, according to a report from a European Union security agency.
Although many researchers, security companies and governments are actively investigating botnets, there are still deficiencies in international cooperation, national laws and information sharing that have allowed botnet controllers to build robust networks, according to the report from the European Network and Information Security Agency.
"A shift in the motivation for the creation of malicious software has led to a financially oriented underground economy of criminals acting in cyberspace," wrote ENISA, which studies European information security issues.
Computers become infected with botnet code via software vulnerabilities or other methods of attack, such as malicious e-mail attachments. Once a machine is infected, it can then be used without its owner's knowledge for spamming, distributed denial-of-service attacks or other nefarious purposes.
The code used to infected the machines is often very robust, escaping detection from antivirus software. Those who control the herds of machines use many methods to stay anonymous, making it harder for security analysts and law enforcement to trace, although not impossible.
ENISA recommends providing incentives for key players who can intervene, such as ISPs. In Germany, a government-funded program helps ISPs put in place technology to identify subscribers whose computers appear to be infected and to take steps to clean them, said Giles Hogben, an expert program manager for security applications and service for ENISA.
"In the end, it's not just your machine that suffers," Hogben said. "You have a kind of social responsibility to keep your computer clean because it affects other people as well."
The ISP business is typically low margin, so many have not spent the money on systems to remediate infected computers.
ENISA is also advocating more uniform cybercrime laws, which benefit nations seeking to cooperate and hand over cases to other jurisdictions. The only international treaty covering cybercrime is the 2001 Convention on Cybercrime, which is gradually gaining more ratification. The treaty requires changes to national laws and offers guidance on how nations can conform.
Those running botnets have been prosecuted, but that has been far from a consistent deterrent. "It's a typical researchers versus bad guys battle," Hogben said. "You have to make it more scary for the bad guys so they are really more likely to get prosecuted."
Sign up for Computerworld eNewsletters.