How Best To Break The News To Users That Theyre A Bot

Georgia Tech researchers study data from DNSChanger botnet to discern the best way for ISPs to clean up bot infections

Turns out last years massive takedown of the DNSChanger botnet provided a handy case study on the most effective methods of notifying victims and cleaning up their machines. Researchers from Georgia Tech studied the botnets remediation efforts, which began early last year, and found that phone contact, billing notices, and redirecting infected users to special Web pages are the best ways to alert them to their infections.
At the height of the DNSChanger botnets life cycle, it had infected 4 million machines worldwide, including Windows and Mac machines. To cut down the botnet, the
FBI sinkholed its traffic to temporary DNS servers
to prevent a major Internet blackout for the massive number of infected machines. DNSChanger wasnt your typical botnet: It redirected infected machines to its own rogue DNS servers, so when those servers were taken down, the bots would have lost Internet access. So the FBI set up its own stopgap DNS servers during the remediation process, which
went on for several months last year
.
Georgia Tech researchers Wei Meng, Ruian Duan, and Wenke Lee found in their study of how ISPs handled informing DNSChanger bots that active social media updates also helped get bots cleaned up, such as Googles directly alerting users via their browsers that they were infected. Social media can have an important role to play in alerting users to infections in their systems and in stemming malware outbreaks. We believe in the importance of implementing active, direct notifications earlier in the process, said Lee, who along with his colleagues presented the teams findings this week at the M3AAWG 27th General Meeting in San Francisco.
Online media didnt make much of an impression on victims until a few days before the FBI deadline to shut down the DNS servers loomed, the researchers found. The deadlines set by FBI had an important role. Google’s direct notifications had positive impact even late in the process, according to the research. We believe the impact would have been greater if done earlier.
Bottom line: Calling victims by telephone was the most effective notification method, while billing also worked well. Email notification and redirecting victims to custom Web pages for remediation was helpful as well, according to the researchers. And while DNS redirection was the most effective way to prevent bots from communicating with rogue DNS servers, redirection alone is not enough: DNS redirection alone is not sufficient. Notifications are still needed since machines may still be infected with malware, the researchers wrote in their presentation.
The industrys response to the DNSChanger malware clearly showed how well competitors and vendors can work together when users safety is on the line, said Michael O’Reirdan, M3AAWG co-chairman. It also was an extraordinary opportunity to objectively study the different approaches companies have developed to assist customers and to understand the important role each of us plays in safeguarding the online experience. The active involvement of anti-malware and security tool vendors, social media platforms, law enforcement, operating system vendors and home networking technology vendors has been shown to be crucial. In the end, it takes the entire Internet ecosystem working together to protect end users.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
How Best To Break The News To Users That Theyre A Bot