Botnets are the next battleground for US cyber security tsar Howard Schmidt.
Speaking at the McAfee Public Sector summit last week, White House cyber security co-ordinator Schmidt said there had been "a lot of discussion about botnets" in trying to identify how many are out there, what they are doing, what they could do and what the impact could be.
He then said that he had asked his office to engage in a private-public partnership to enhance the nation's cyber security by fighting against botnets.
“We're teaming [with] US internet service providers, search engines, internet vendors, privacy rights advocates and groups and trade associations to tackle this on all fronts. We're working on developing best practices and an industry code of conduct within the next 90 days,” he said.
According to Security Affairs, Schmidt said what botnets might do to a business's infrastructure and to personally identifiable information needs to be detected and understood, but with four million new botnet infections every month, he described it as a moving target.
The working group, which was established in March and will be led by Schmidt, will try to achieve the following goals: develop principles for addressing botnets; establish high-level strategies to increase public awareness of botnets; leverage available consumer-focused information tools and resources to prevent botnets from the beginning; and identify ways of measuring progress.
Schmidt said it is necessary to act immediately, adding: “One of the clear issues we won't be doing any more is to just sit back and admire the problem. We've done that for too long. We've written strategy after strategy, it's time to move beyond the strategies and actually move into an environment where we're executing on these strategies.”
This year has featured plenty of activity against botnets, with Kelihos taken down, Zeus disrupted and Koobface command and control servers reportedly being switched off. However, the Flashback botnet targeting Apple computers has been detected.
Proposed changes to the law from the European Commission would make the possession or distribution of hacking software and tools an offence, and a custodial sentence of at least five years would be given where there are aggravating circumstances, such as the use of a tool specifically designed for large-scale attacks, including a botnet.