MAAWG Tackles Bots with New ISP Guidelines for Restoring Infected End-Users' Machines


SAN FRANCISCO, August 3 /PRNewswire/ --

- Industry Recommendations Can Improve Consumer Bot Removal

With the growing problem of bot infestations contributing to spam,
identity theft and online fraud, the Messaging Anti-Abuse Working Group
(MAAWG) has issued the first best practices aimed at helping the global ISP
industry work more closely with consumers to recognize and remove bot
infections on end-users' machines. The paper outlines a three-step approach
with recommendations for detecting bots, notifying users that their computers
have been compromised, and guiding them in removing the malware.

Bots, or malware running on users' computers without their knowledge, are
responsible for generating up to 90 percent of spam and can also be used to
steal personal information or take part in DDoS (distributed denial of
service) attacks. MAAWG Common Best Practices for Mitigating Large Scale Bot
Infections in Residential Networks (Version 1.0) outlines strategies used by
some of the largest ISPs worldwide yet was developed to be scalable for
smaller network operators and to consider legal and process differences among
countries.

"Bots are a global affliction and these best practices are an important
step in educating the industry on the appropriate processes to help protect
consumers. We're sharing the experiences of our global membership so that
network operators everywhere can more aggressively tackle this problem. As an
industry, we are becoming more proactive in alerting customers when bots are
detected on their computers and in helping users remove the malware before it
can harm them," said MAAWG Chairman Michael O'Reirdan.

The new best practices outline various options for alerting customers
when their computers are infected and offer suggestions for helping end-users
clean their systems. The paper discusses bot detection methods, customer
notification, and the use of walled gardens to limit infected machines'
exposure to the Internet. Among the recommendations:

- While protecting users' privacy, network operators can use various
  tools to detect infected end-user computers, including DNS, scanning
  the IP space to identify vulnerable computers, and collecting IP
  traffic information for known command and control addresses.

- Email, phone calls to customers, postal mail and walled gardens are
  common notification tools, each with their own considerations.
  In-browser messages are considered to be among the most effective
  methods to alert customers but also can be technically challenging to
  implement.

- ISPs need to maintain a well-publicized security portal that includes
  directions for end-user bot removal.



The paper also includes sample end-user messages and a list of malware
detection and removal tools. The best practices will continue to be revised
to reflect new procedures and the evolution of new bot threats.

Users Underestimate Bot Threat

A bot residing on a consumer's computer is usually part of a larger
network of machines programmed to perform specific, clandestine operations
under the control of a "botmaster." The malware is often installed on
unsuspecting consumers' machines when they click on an infected email or
download illicit code from a compromised Web site. Bots are designed to
operate stealthily - for example, sending spam or recording passwords and
personal information without their owners' knowledge - making it difficult
for end-users to detect that their machines are infected.

While about 80 percent of consumers are aware of bots, only 20 percent
believe they will ever be infected, according to a survey MAAWG released in
July (the survey and related news release are available at www.MAAWG.org).
"ISPs need to take steps to protect users, but we also need to continually
educate customers and work closely with them to contain bot propagation,"
O'Reirdan said.

The new bot mitigation best practices are part of the ongoing work at
MAAWG to confront messaging abuse. Previously, MAAWG has published best
practices for managing port 25, using walled gardens, sharing dynamic IP
address space, email forwarding practices, and senders best communications
practices, among other topics.

The MAAWG Common Best Practices for Mitigating Large Scale Bot Infections
in Residential Networks can be downloaded from the organization's Web site at
www.MAAWG.org. The MAAWG consumer survey, published white papers and best
practices also are available at the site.

About the Messaging Anti-Abuse Working Group (MAAWG)

The Messaging Anti-Abuse Working Group (MAAWG) is where the messaging
industry comes together to work against spam, viruses, denial-of-service
attacks and other online exploitation. MAAWG (www.MAAWG.org) represents
almost one billion mailboxes from some of the largest network operators
worldwide. It is the only organization addressing messaging abuse
holistically by systematically engaging all aspects of the problem, including
technology, industry collaboration and public policy. MAAWG leverages the
depth and experience of its global membership to tackle abuse on existing
networks and new emerging services. Headquartered in San Francisco, Calif.,
MAAWG is an open forum driven by market needs and supported by major network
operators and messaging providers.

MAAWG Board of Directors: AOL; AT&T (NYSE: T); Cloudmark, Inc.; Comcast
(Nasdaq: CMCSA); Cox Communications; France Telecom (NYSE and Euronext: FTE);
Goodmail Systems; Openwave Systems (Nasdaq: OPWV); Time Warner Cable; Verizon
Communications; and Yahoo! Inc.

MAAWG Full Members: 1&1 Internet AG; Bizanga LTD; Constant Contact;
e-Dialog; Eloqua Corporation; Experian CheetahMail; Genius.com; Internet
Initiative Japan (IIJ, Nasdaq: IIJI); IronPort Systems; McAfee Inc.; MX
Logic; NeuStar, Inc.; Outblaze LTD; Return Path, Inc.; Spamhaus; Sprint; and
Symantec.

A complete member list is available at http://www.maawg.org/about/roster.

© PR Newswire Association LLC.
