SANS Institute slags Australia's anti-botnet iCode

But PayPal supports Australia’s earlier Internet Security Initiative.

The National Institute of Standards and Technology (NIST) is eyeing Australia's iCode as a model for its own ISP-led malware notification system, but Microsoft, the SANS Institute and others have expressed reservations about pursuing it in the United States (US).

NIST this September sought feedback on how the US should go about establishing a voluntary notification scheme to tackle botnets, highlighting the iCode as one possible template.

Alan Paller, director of research at the SANS Institute, argued that the US should not follow the iCode because it was ineffective.

After analysing "the actual experience of the iCode in Australia", Paller said that SANS learned the desired impact "was not gained."

"The reductions were insignificant," he added, arguing that to justify a similar code in the US, it would need to achieve "substantial reductions" in the number of bots of at least 50 per cent.

The Internet Industry Association (IIA) launched the voluntary code in December 2010 and has since signed up 33 ISPs, including Telstra BigPond, iiNet and Optus, but is still missing some major ISPs such as TPG.

The US has shown interest in the iCode, with former IIA chief Peter Coroneos receiving an invitation to the White House this May to discuss the program with White House Cybersecurity Coordinator Howard Schmidt.

Microsoft and Symantec had reservations about relying too heavily on ISPs.

While ISPs were uniquely positioned to identify the affected customer, Microsoft saw an important role for operating system, application and security vendors, as well as domain hosts, banks, email providers and social networks.

Sending notifications also raised the possibility of fraudulent notifications, which Symantec argued could “aggravate the problem rather than alleviate it”.

PayPal supported ISP notifications by email, phone, fax or post over page “redirect” notifications, for security reasons. It also held up Australia’s Internet Security Initiative, a precursor to the iCode that combines notifications, traffic filtering and a “walled garden” quarantining component, as an example to follow.

In fact, one of the iCode’s objectives is to get ISPs to participate in this scheme.

“We are also in favor of ISPs deploying traffic filtering solutions to eliminate certain types of botnet traffic. When feasible we believe ISPs should aggressively filter traffic to known botnet C&C servers from their networks,” said PayPal.

Stories by Liam Tung