ISPs essential to controlling spam botnets: OECD

End-user initiatives to control spam botnets "insufficient to reduce the overall spam problem"

Internet service providers (ISPs) are important control points in the ongoing effort to control spam and botnets, according to a report from the Organisation for Economic Co-operation and Development (OECD).

The report — based on a global dataset comprising 109 billion spam messages from 170 million unique IP addresses delivered to a spam trap during 2005-2009 — found that of the tens of thousands of ISPs that provide Internet access, the 200 ISPs that collectively hold nearly 90 per cent of the total market share in the wider OECD area account for more than 60 per cent of all infected machines worldwide.

"Other service providers, such as hosting providers, university networks, corporate networks and application service providers contain a smaller share of all bots," the report said.

Further, the networks of just 50 ISPs account for around half of all infected machines worldwide.

While larger ISPs had, on average, fewer infected machines per customer than small ISPs, these smaller ISPs could have as much as a tenfold difference in the number of infected machines.

According to the report, measures that directly addressed end users who owned infected machines were useful, but had largely proven insufficient to reduce the overall spam problem.

"Security measures that address end users directly – including awareness raising and information campaigns – are useful, but they have proven to be insufficient to reduce the overall problem," the report reads. "Not because end users are incorrigible. Some surveys suggest that they do, in fact, increasingly adopt more secure practices, such as using anti-virus protection, a firewall, and automatic security updates for their software...

"The attackers, however, also adapt and innovate their strategies. The net result is an inadequate defense against malware infections: while the capabilities and practices of end users are improving, they lag behind the increasingly sophisticated threats of attackers."

While many ISPs were willing to improve their network security, the cost associated with doing so could prove a disincentive for these companies, many of which already competed in a highly cost- and price-sensitive market, the report found.

"Even if price does not seem to have a significant influence on security performance, from an ISP’s point of view, policy measures that affect costs (and all do directly and indirectly) are unfunded mandates and may be difficult to realise given this competitive environment," the report reads. "Thus, it may be necessary to think about innovative funding schemes for such programmes.

"Moreover, even if consumers cared about security, there are no adequate market signals that could reliably guide them towards better performing ISPs. Establishing a trusted rating system might be a tool to assist consumers in this regard.

"Current efforts to bring about collective action – through industry self-regulation, co-regulation, or government intervention – might initially achieve progress by focusing on the set of ISPs that together have the lion’s share of the market."

The findings are in line with local initiatives by the Internet Industry Association, which has proposed a voluntary ISP spam code requiring ISPs to take action against customer computers that are sending out spam.

The code could also be jointly funded by industry and government, according to IIA chief executive, Peter Coroneos.

In October, the former deputy director and chief information officer of the US National Security Agency (NSA), Dr Prescott Winter, warned Australia and neighbouring countries such as Singapore needed to lead the push for global cybersecurity compliance between governments, large enterprises and telcos.


Comments

1

Chih-Cherng Chin

Tue 16/11/2010 - 17:33

We often think zombie computers could be remotely controlled by hackers for months without being noticed. So I find the numbers of spam messages and unique IP addresses a bit hard to believe. If you divide the number of spam messages by the number of IP addresses, you get 641, which is the average number of spams sent per IP. If that is true, then these infected machines are quickly found and cleaned up after they started sending spam.
Another problem. If you divide the number of unique IP addresses by the number of days from 2005 to 2009, you get 93150, which is the average number of infected machines detected per day. And that is under the assumption that these IP addresses won't reappear, because they are *unique*. So the number also seems a bit high to me.
