Botnets - Hijacked computers in Sweden - PTS-ER-2009:11

02/04/2009

Botnets are networks comprising computers infected by malicious code, or ‘malware’, which gives the people behind the botnets full control over these computers. For example, a botnet may be used to send large quantities of spam or to carry out denial-of-service attacks. Users whose computers contain malware are often unaffected, which makes botnets unusual among Internet-related security threats.
The spread of botnets is often presented as one of the biggest threats to Internet security. There are reports showing that several million computers are affected around the world. Several major security companies have reported information about the spread of botnets on a global level, but there is a lack of information about the situation in individual countries. The aim of this report is to describe and report on the spread of botnets in Sweden. The report also aims to analyse action taken by market stakeholders to deal with this problem.

However, most stakeholders lack relevant statistics or are unable to break such data down to a national level. As virtually no Internet service providers are monitoring the spread of botnets, the information available largely consists of estimates. However, PTS estimates that less than one per cent of computers in Sweden with broadband connections are affected.

Most Internet service providers work preventively to help their customers avoid becoming affected by security problems. However, in relation to customers who are already affected, far from all Internet service providers take action to deal with the problem. For various reasons, some stakeholders perceive impediments to taking extensive measures. PTS considers that technological progress should also bring with it improvements in terms of responsibility issues. Even if the entire responsibility to prevent problems related to botnets is not borne by one individual stakeholder, it is crucial that measures are actually taken by those who are best able to combat the problem. Internet service providers are probably most capable of monitoring traffic and contacting end users who are affected. Users themselves bear a major responsibility, but they often lack the skills needed to deal with security problems that arise. For this reason, they need the support of Internet service providers, security companies and other suppliers of software, as well as public authorities and other organisations.

PTS will continue to work on the botnet problem. It would, for example, be helpful if common methods for measurement were developed by Internet service providers so that more accurate statistics about the situation could be produced. There is also a need to further study and discuss responsibility issues and the legal prerequisites for action against security-related threats on the Internet, together with the potential need to amend legislation. PTS could, for example, set up a forum for relevant stakeholders in Sweden for discussions about this area.