How Best To Break The News To Users That Theyre A Bot

  /     /     /  
Publicated : 22/11/2024   Category : security


How Best To Break The News To Users That Theyre A Bot


Georgia Tech researchers study data from DNSChanger botnet to discern the best way for ISPs to clean up bot infections



Turns out last years massive takedown of the DNSChanger botnet provided a handy case study on the most effective methods of notifying victims and cleaning up their machines. Researchers from Georgia Tech studied the botnets remediation efforts, which began early last year, and found that phone contact, billing notices, and redirecting infected users to special Web pages are the best ways to alert them to their infections.
At the height of the DNSChanger botnets life cycle, it had infected 4 million machines worldwide, including Windows and Mac machines. To cut down the botnet, the
FBI sinkholed its traffic to temporary DNS servers
to prevent a major Internet blackout for the massive number of infected machines. DNSChanger wasnt your typical botnet: It redirected infected machines to its own rogue DNS servers, so when those servers were taken down, the bots would have lost Internet access. So the FBI set up its own stopgap DNS servers during the remediation process, which
went on for several months last year
.
Georgia Tech researchers Wei Meng, Ruian Duan, and Wenke Lee found in their study of how ISPs handled informing DNSChanger bots that active social media updates also helped get bots cleaned up, such as Googles directly alerting users via their browsers that they were infected. Social media can have an important role to play in alerting users to infections in their systems and in stemming malware outbreaks. We believe in the importance of implementing active, direct notifications earlier in the process, said Lee, who along with his colleagues presented the teams findings this week at the M3AAWG 27th General Meeting in San Francisco.
Online media didnt make much of an impression on victims until a few days before the FBI deadline to shut down the DNS servers loomed, the researchers found. The deadlines set by FBI had an important role. Google’s direct notifications had positive impact even late in the process, according to the research. We believe the impact would have been greater if done earlier.
Bottom line: Calling victims by telephone was the most effective notification method, while billing also worked well. Email notification and redirecting victims to custom Web pages for remediation was helpful as well, according to the researchers. And while DNS redirection was the most effective way to prevent bots from communicating with rogue DNS servers, redirection alone is not enough: DNS redirection alone is not sufficient. Notifications are still needed since machines may still be infected with malware, the researchers wrote in their presentation.
The industrys response to the DNSChanger malware clearly showed how well competitors and vendors can work together when users safety is on the line, said Michael O’Reirdan, M3AAWG co-chairman. It also was an extraordinary opportunity to objectively study the different approaches companies have developed to assist customers and to understand the important role each of us plays in safeguarding the online experience. The active involvement of anti-malware and security tool vendors, social media platforms, law enforcement, operating system vendors and home networking technology vendors has been shown to be crucial. In the end, it takes the entire Internet ecosystem working together to protect end users.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How Best To Break The News To Users That Theyre A Bot