News & Events - MAAWG Release
MAAWG Attacks BotNets with Walled Garden Best Practices to Protect Users
San Francisco, October 2, 2007 - Taking aim at the bot and zombie malware that turns unsuspecting users’ computers into dangerous spam and identity theft networks, MAAWG has issued the first best practices developed cooperatively by major Internet and email service providers for managing infected subscribers. The “MAAWG Best Practices for the Use of a Walled Garden” provides recommendations for directing customers to a safe online environment where downloadable self-remediation tools can help users remove the malicious code installed on their computers.
“The industry needs to define best practices to address this problem just as a public health department would define quarantine procedures for a biological infection that is affecting its citizens. These best practices are the first effort at unifying and educating ISPs and service providers on how to effectively confront this rapidly spreading malware,” said Scott Chasin, editor of the MAAWG walled garden recommendations and MX Logic, Inc. chief technology officer.
Walled gardens are closed online environments created by service providers where subscribers can safely disinfect their systems. When subscribers with infected computers try to access the Web, their browsers are automatically redirected to a protected environment provided by the ISP where the malicious code can be securely purged. The MAAWG best practices recommend that these walled garden sites include downloadable tools that allow users to remove the malware themselves and that, once the malicious code has been deleted, subscribers’ Web access be easily restored. According to the best practices, end-user education should be a priority.
“Infected subscribers are facing a real menace but have no idea they have been compromised unless they notice their computers are running a little slow or the malware shows up in an anti-virus scan,” said Chasin.
Addresses Significant Source of Spam and Fraud
Currently, a large percentage of spam is sent through these ill-gotten networks. According to Richard Cox, the Chief Information Officer at the Spamhaus Project, a nonprofit that tracks malicious online activity and whose representative serves as a MAAWG senior advisor, “Every day -- day in, day out -- we see between 750,000 and 1.2 million new IP addresses, proxies and botnet zombies attempting to send spam. This does not mean they are all new infections, as infected PCs tend to move around the Internet IP address space of the users' ISP.”
In a botnet, malware from various sources, such as a contaminated email or malicious code downloaded from a malignant Web site, is unknowingly installed on users’ computers. Once deployed, the “bot” or “zombie” machine is controlled by commands from a “bot master,” a person who uses the infected network to send spam or carry out fraudulent activities. The malicious code is often designed to run in background mode, so subscribers with polluted machines are usually unaware their systems are sending large quantities of spam.
The surreptitious networks can range from a thousand infected computers to hundreds of thousands and also can be used to launch Distributed Denial of Service (DDoS) attacks that prevent legitimate users from accessing a targeted Web site. Among other threats, the malware might also include a “key logger” to record users’ keystrokes and capture passwords or sensitive financial information that is forwarded to identity thieves.
Chasin said, “This is the first step and we’ll continue to drive peer-to-peer discussions on this issue. Service providers are becoming more sophisticated in their approach to botnets, and they realize the benefit to both themselves and the broader online community as they educate subscribers.”
The “MAAWG Best Practices for the Use of a Walled Garden” outlines criteria for entering and exiting closed safe environments, recommendations for convenient end-user self-remediation, and practices to make end-user education a primary focus. The document is available on the MAAWG Web site at www.MAAWG.org.
About the Messaging Anti-Abuse Working Group (MAAWG)
The Messaging Anti-Abuse Working Group (MAAWG) is where the messaging industry comes together to work against spam, viruses, denial-of-service attacks and other online exploitation. MAAWG (www.MAAWG.org) is the only organization addressing messaging abuse holistically by systematically engaging all aspects of the problem, including technology, industry collaboration and public policy. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services. Headquartered in San Francisco, Calif., MAAWG is an open forum driven by market needs and supported by major network operators and messaging providers.
Media Contact: Linda Marcus, APR, 714-974-6356, lmarcus@astra.cc, Astra Communications
MAAWG Sponsors (Board of Directors): AOL; AT&T; Bell Canada; Charter Communications (NASDAQ: CHTR); Cloudmark; Comcast (NASDAQ: CMCSA); Cox Communications (NYSE: COX); EarthLink (NASDAQ: ELNK); France Telecom (NYSE and Euronext: FTE); Goodmail Systems; Google Inc.; Microsoft Corp. (NASDAQ: MSFT); Openwave Systems (NASDAQ: OPWV); Time Warner Cable; Verizon Communications; and Yahoo! Inc.
MAAWG Full Members: 1&1 Internet AG; AG Interactive; Bizanga LTD; Internet Initiative Japan, (IIJ NASDAQ: IIJI); IronPort Systems; McAfee Inc.; MX Logic; Outblaze LTD; Return Path, Inc.; Sprint; Sun Microsystems, Inc.; Symantec; Telefonica SA; Telus; and Trend Micro, Inc.
MAAWG Supporter Members: AcquireWeb, Inc.; Acxiom Digital; Adaptive Mobile Security LTD; Adknowledge, Inc.; Aladdin Knowledge Systems; Alt-N Technologies, Ltd.; Bandmail Solutions; BigHip; Bluehornet Networks, Inc.; BoxSentry PTE Ltd.; CheetahMail, an Experian Co.; Cincinnati Bell; Click Tactics; ColdSpark, Inc.; Commtouch Software LTD; CommuniGate Systems; Constant Contact; Critical Path, Inc.; Datran Media; eBay, Inc.; eCircle AG; ECO; e-Dialog; eleven GmbH; Emma, Inc.; Entidad Publica Empresarial RED.ES; Epsilon; Everyone.net, Inc.; ExactTarget, Inc.; Facultas/Lyris UK; Fishbowl Marketing; F-Secure Corp.; GetResponse, an Implix Company; Habeas Inc.; iContact; Informz; Insender Technologies Inc.; Insight Midwest, L.P.; Ipsos Interactive Services; Kerio Technologies, Inc.; Lyris Solutions; Mail-Filters; Mansell Group, Inc.; Merkle/Quris; Message Level, LLC; Message Systems; Messagelabs; Messaging Architects; Mirapoint Inc.; MTS Allstream Inc.; Netsuite, Inc.; Nextel Communications; Perftech, Inc.; Pivotal Veracity; Premiere Global Services; Responsys, Inc.; Rockliffe Systems; Rogers Cable; RPost; RSA Security Inc.; S.C. Softwin SRL; Salesforce.com; Sana Security; Sandvine Incorp.; Sendmail, Inc.; SMobile Systems; Sophos Plc.; Splio; St. Bernard Software; StreamShield Networks; StrongMail Systems, Inc.; Synacor, Inc.; TDC; TDS Telecom; Team Cymru; ThinData; TMN Group; Travelocity.com LP; TRUSTe; Tucows Inc.; UPC Broadband Operations BV; Verisign Inc.; Webmail.us; Word To The Wise; Yesmail; and ZDirect, Inc.