Internet Providers Asked by U.S. to Set Virus Defense Standards
Internet-service providers including AT&T Inc. (T) and Comcast Corp. (CMCSA) may be asked to create an industry standard for fighting computer viruses known as botnets under a proposal from U.S. regulators.
The Homeland Security and Commerce departments are seeking comments through Nov. 4 on the creation of a voluntary program that would “reduce the harm that botnets inflict on the nation’s computing environment,” according to a notice published today in the Federal Register.
Botnets link personal computers to flood corporate or government networks with unwanted traffic that can take down systems. To build a botnet, hackers send out programs, often disguised as links or hidden in an e-mail attachments, that infect a computer when opened. Infected computers communicate invisibly with command machines, generating hard-to-trace spam and searching for user passwords and company secrets.
Symantec Corp. (SYMC), a computer security company based in Mountain View, California, estimates there are about 3.5 million to 5.4 million botnets worldwide. At least 18 percent of home computers are controlled remotely by cyberthieves without their owners’ knowledge, according to Damballa Inc., an Atlanta-based cybersecurity research firm that tracks botnets.
Homeland Security and Commerce said in their notice that botnets have emerged as an increasing threat during the past several years. Cybercrime, which includes attacks from botnets, costs large U.S. companies an average of $3.8 million annually, and about 9 million Americans have their identities stolen each year, a group of U.S. senators said Jan. 26 after introducing a bill aimed at tightening Web security.
Monitoring Customers’ PCs
The agencies suggested that Internet-service providers monitor customers’ computers to detect botnets and then notify subscribers of infections, according to the notice. ISPs, which have contact information and a “pre-existing relationship” with users, can inform customers how they can remove the virus, according to the notice.
To encourage providers to adopt a voluntary standard, companies may be offered protection from lawsuits stemming from cyberattacks on customers’ computers, the notice said. The agencies also suggested establishing a “resource center” to support people whose computers have been infected by botnets. The center might be operated by industry, the government or both, according to the notice.
Botnet Risk
“Botnets are increasingly putting computer owners at risk of intrusions by malicious actors and the loss of computing power and Internet access,” Chris Ortman, a Homeland Security spokesman, said in an e-mail. Today’s proposal “will help DHS evaluate the extent to which voluntary notification of botnet infections can reduce and protect against cyber threats.”
Verizon Communications Inc. (VZ) spokesman Richard Young declined to comment. Representatives of AT&T, Comcast and the Commerce Department, did not immediately respond to phone calls and e-mails seeking comment.
A Federal Communications Commission working group in December issued a report recommending ways for ISPs to address botnets, including detecting malware infections, notifying users, temporarily “quarantining” compromised accounts, and making anti-virus software available to consumers.
To contact the reporter on this story: Eric Engleman in Washington at eengleman1@bloomberg.net
To contact the editor responsible for this story: Allan Holmes at aholmes25@bloomberg.net
Rate this Page