Europe prepares for war with botnets

EU cyber security agency ENISA has warned that ISPs, end users and governments all have a role to play in stopping the global menace of botnet-related cyber crime.

Botnets, such as the one that uses the infamous Zeus malware to infect machines, are growing in scope and scale, and ENISA has released two reports in which it attempts to understand the root of the problem and how to tackle it.

The security agency warned that combating botnet attacks will take a co-ordinated response and should only be tackled after careful consideration of their impact and motivation.

"The botnet numbers define the political agenda and they determine hundreds of millions of euros of security investments. We should understand what is behind them," said Giles Hogben, the report editor.

"Size is not everything - the number of infected machines alone is an inappropriate measure of the threat."

ENISA's main report, Botnets: Measurement, Detection, Disinfection and Defence (PDF) is an investigation into how best to measure the size of botnets and their threats, and more importantly how to neutralise them.

Here, collaboration, specifically between nation states and their security mechanisms, is of considerable importance.

"Global co-operation is indispensable for successful defence against botnets," added Udo Helmbrecht, the executive director of ENISA.

The report suggests that botnets should be tackled on a co-ordinated basis, as sharing information about attacks will increase understanding and limit any further infection.

Enisa also suggested that laws should be harmonised as a way of ensuring a consistent approach by regulators.

Service providers should have a role to play too, in taking more responsibility for spotting suspicious activity on their networks.

ISPs should be "strongly incentivised" to improve monitoring and malware takedowns, according to the report.

End users were also the focus of some attention and they will be expected to do all they can to stop their machines getting infected with botnet malware.

ENISA wants to support this increased security push with educational or support programmes designed to raise awareness about personal protection.

A second report, titled Botnets: 10 Tough Questions, is a "distillation" of the body's discussions with experts including ISPs, security researchers, computer emergency response teams, anti-virus firms and law enforcement agencies.

It raises questions such as what kind of legislation is needed and where money should be invested.

A third report, scheduled for release later this year, will deal with the legislative environment surrounding such attacks.