Commerce and Homeland Security Departments Request Information About Botnet Notifications

Hackers use software programs to search the internet for computers that aren’t protected by up-to-date security software. When they find unprotected computers, they try to install malware that allows them to control the computers remotely. Many thousands of these computers linked together make up a “botnet,” a network controlled by hackers to steal people’s personal information or send spam. Millions of home computers are part of botnets.

One strategy that has been successful in stemming the tide of botnets has been for private sector entities to voluntarily detect infections and promptly notify users that their machines have been infected. This voluntary notification has often come from the user’s Internet Service Provider (ISP) or another company with whom a user interacts very frequently. Once an ISP has detected a likely user security problem, it can inform the user of the steps he or she can take to address the problem. For example, the ISP could notify the user about a botnet infection and send him or her to a website with information to help clean up the computer.

The Departments of Commerce and Homeland Security have issued a Request for Information (RFI) asking about: the need for a voluntary code of conduct for consumer notifications about botnets; how private entities might help prevent and identify botnets; how to notify users about botnets; how to help promote incentives for companies to participate in voluntary notification efforts; and how to help build resources to help ISPs or other entities notify consumers.

You can read the RFI and learn how to file a comment here. Comments are due by November 4, 2011.
