We have the Ebola virus, the avian flu virus, and now we have another kind of pandemic: botnets, namely GameOver Zeus and CryptoLocker. One of the vexing components of the botnet phenomenon is how to alert people of cyber-pandemics.
On June 2, the U.S. Department of Justice announced a worldwide operation to take out these leading botnets. But this came after hundreds of thousands of people suffered infections from this malware network, with losses of over $100 million in the States.
Victims were urged to clean their compromised computers within two weeks of the attacks, as botmasters can return within that time period.
The cleanup following infections requires global cooperation spanning law enforcement, security vendors, domain registrars, software manufacturers and of course, the users themselves.
But user awareness of these cyber-pandemics is too low. Tools for cleanup are readily available and should be implemented before something bad happens.
The malware uses top-level domains:
These botnets are like a cancer: They can't be cured (completely dismantled), but they can be managed.
It's just not possible to take down every single last viral installation. The Code Red and Conficker viruses today still infect thousands of hosts. The scope and impact of some viral installations require indefinite blocking. Botnets are mass infections and can only be managed, and cleanup is an opt-in requirement.
Peer-to-peer (P2P) components of malware infrastructures must be addressed by the cleanup effort. This is all about public health of the cyber kind: cyber public health, and it requires a lot of coordinated defenses stretching near and far, and these defenses must be continually evolving.