FYI...

- http://www.eweek.com/article2/0,1895,2030062,00.asp
October 16, 2006
"...The majority of botnet activity is linked to spam runs and ID theft phishing attacks. The typical bot gets installed in thousands of machines and starts harvesting e-mail addresses stored on hard drives. It then installs and opens a generic SOCKS proxy to send massive amounts of spam. In most cases, the bot herders rent the botnets to spammers, but Stewart and others have seen evidence of crime rings operating for-profit botnets. These can be used for extortion (DDoS, or distributed DoS, attacks), traffic sniffing to steal clear-text data passing through a hijacked machine, keystroke logging to steal banking credentials, fraudulent clicks on contextual ad networks, and even the manipulation of online polls and games... "There's no economic incentive for an ISP to sit on the phone for an hour and a half to help a customer get [his or her machine] disinfected. The cost of that is more than the subscription cost," said Stewart. That fact, coupled with the large percentage of computer users running Windows versions without up-to-date patches, creates an environment that's ripe for abuse. "We need to give ISPs better tools to deal with the problem. It's just not economically feasible to do manual remediation with customers," Stewart said. Stewart plans to propose a community effort to create a free tool to help automate the removal of bots from an ISP's network. Several security vendors have started shipping anti-botnet products. In September, Trend Micro released InterCloud Security Service, a new service that provides botnet mitigation technology to ISPs, universities and other large network providers. InterCloud* is capable of identifying zombie drones on a network and provides an automated remediation solution to stop them in real time... But, for now, the drones are winning."
* http://www.trendmicro.com/en/products/nss/...te/overview.htm