21 November, 2010

OECD Study: ISPs & Botnets

A note from Knoben Wolf-Ulrich on the ISPCP mailing list points to a new OECD study entitled "The Role of Internet Service Providers in Botnet Mitigation -- an Empirical Analysis Based on Spam Data".

The study indicates that "The networks of just 50 ISPs account for around half of all infected machines worldwide."

The Policy implications:

"From a policy perspective, the finding that a relatively small number of ISPs is associated with a large share of total spam activity is relevant. Although these ISPs are not themselves the origin of botnet infections, they play an important role in the chain from cybercriminals to the targets of botnet attacks. The study uncovered a specific pattern that suggests that the chances of devising meaningful forms of private and public sector measures might be higher than commonly thought. The highly concentrated pattern we uncovered suggests that the number of actors needed to create an impact on botnets is smaller than expected. It would be extremely difficult to bring about collective action among many thousands of ISPs located in over a hundred countries, even if ISPs were to be a more effective control point than the billion to billion-and-a-half end users. Furthermore, the most critical actors are larger, well-established corporations."

No comments:

Post a Comment