This week we have about ten to twenty million personal computers that were part of botnets and that, as zombies, have now lost contact with their criminal masters and their infrastructure.
There is no way that we can clean them up manually or individually.
But we have captured the infrastructure and the botnet control scripts or domains that are used.
The idea is the following.
All those infected computers should receive a security cleaning and update. Otherwise nothing changes in the threat landscape, because those computers will be hacked and recruited into botnets again and again. Probably the other botnets are already trying to reinfect or take over those computers.
So let's use the botnet infrastructure, commands and domains to send a message to those users that they were infected by a botnet and that they should install antivirus software.
The problem is how to do this while we are telling everyone not to click on security alerts that pop up on their screen, because they could be clicking on fake security software that is in fact malware.
Maybe the Conficker Working Group can be used. They work through the CERTs, which distribute the infected IP addresses to the ISPs, so at least the network admins will be informed and can clean up these machines or contact the users. For the other individuals, maybe one should set up an online check page or an auto-download directly from their ISP and announce that they have to install the necessary software (without bundling anything else, so that there is no privacy or other outcry over what is essentially a security clean-up operation).
It will also prove that the Conficker Working Group is not so much an overhyped exercise as the setting in motion of an international security cooperation and coordination group that can be essential in the tracking, arresting and cleaning up of these international botnets. As long as we have a minimal state in cyberspace, we should have maximum cooperation between the private partners, at least against organised cybercrime and botnets.
I think this is one of the biggest challenges before us: as the tracking, arresting and dismantling of botnets becomes easier, the clean-up operation afterwards will become more challenging and more important.