Is It Really Too Late to Beat Bots?

To my mind it's been obvious for many, many years, since before we even spoke of "botnets": The only way to stop them is to get ISPs on board, to have them look for malicious behavior and stamp it out, even from paying customers.

Recently a large ISP took such a step: BT (that used to stand for "British Telecom" the way "AT&T" and "IBM" used to stand for something) announced that it will be implementing outbound spam detection with products and services from StreamShield Networks. BT is a dominant DSL player in the United Kingdom.

For more on this topic, see Is the Botnet Battle Already Lost?

As I wrote a few weeks ago, tools are beginning to emerge for ISPs to fight back.

The ICSS tool I described there focuses on DNS, a very good place to look. There are many other approaches, and used in concert they can catch a great deal.

The StreamShield Networks Content Forensics tool that BT will be using looks for spam by monitoring SMTP traffic, a more conventional route. You can tell a lot just by looking at rates of mail transmission.

Another opportunity for ISPs comes from Simplicita, which lets ISPs network with others and with reputation and security companies to share data on bots and coordinate it with their own internal data.