Bot Countermeasures in Japan

Anti-Bot Countermeasures in Japan

April 22-23, 2007
Masayasu MURANO
Deputy Director, Office of IT Security Policy
Commerce and Information Policy Bureau
Ministry of Economy, Trade and Industry, JAPAN
it-security@meti.go.jp

Table of contents

I. METI’s Information Security Policy
II. Anti-Bot Countermeasures in Japan
   a. About “Bot” and “Botnet.”
   b. Current Status of “Bot” in Japan.
   c. Joint Project for Anti-Bot Countermeasures
   d. Organizational Structure
   e. Workflow
   f. Current Results
   g. Next step toward enhancing our project
Ⅲ. MIC’s Information Security Policy

From MIC

METI’s Information Security Policy
Components of METI’s IT Security Policy

- Technological Measures
- Watch, Warning and Response
- Awareness, Training, & Education
- Security Management

[Diagram labels: I, II, III, IV]

METI’s Information Security Policy
Responses to Changes in Information Security Issues

1st Stage, 2nd Stage, 3rd Stage, 4th Stage

- Spread of PCs; Criminal display of ability; Restricted damage
- Spread of the Internet; Large-scale damage; Progress of sharing of information on attacks
- Exposure of vulnerability of software products; Sophisticated viruses and worms
- Economic motives (pretense, fraud); Progress of systematic, distributed and multiple attacks

Analysis
- Confirmation of damage right after security incidents
- Real-time recognition and analysis of causes; Restriction of damage
- Recognition of causes proactively; Restraint and restriction of damage
- Cooperation with service providers; Restraint and restriction of damage through overall measures

(i) Incident response (1990-)
- Gathering damage reports on viruses and unauthorized access
- Preventing expansion of damage
(ii) Traffic monitoring (2003-)
- Real-time detection of computer security incidents on the Internet
(iii) Vulnerability handling (2004-)
- Handling of vulnerability information by the parties concerned
- Rapid provision of countermeasures to users
(iv) Enhancement of early warning system (2006-)
- Taking anti-Bot measures, anti-Phishing measures

METI’s Policy
[Timeline axis: 1990, 2000, 2003, 2004, 2005]
- Issued the standard to take measures against viruses in 1990
- Reissued the standard to take measures against viruses in 1995
- Issued the standard to take measures against unauthorized access in 1996
- Published “Comprehensive Strategy on Information Security” in 2003
- Issued the standard for handling of vulnerability-related Information on software products, etc. in 2004.

METI’s Actions
Through publishing Notifications, METI has made standards, and provided frameworks in order to prompt the private sector to deal with computer security incidents appropriately.

Anti-Bot Countermeasures in Japan
About “Bot” and “Botnet.”

- “Bot” programs are named after “Robot” and are a kind of malware.
- “Bot” programs infect like a computer virus, and execute “Bot” programs by remote instruction from the attackers, rather like a Trojan horse.
- Numbers of Bots can be organized to form a “Botnet” which avoids countermeasures by camouflaging origin of the attack.

[Diagram labels: Remote instruction; Botnet; Bot; Bot program; IRC, P2P etc.; SPAM Mail; DDoS Attack; Phishing Site, etc.]

Anti-Bot Countermeasure in Japan
Current Status of “Bot” in Japan.

- About 70 kinds of malware, including bots, are detected each day.
- It was estimated that 400–500,000 internet users (2-2.5 % of Japanese ISP users) are infected in Japan.
- Suspicious activities against governmental organizations and critical infrastructures using malware including bot programs were reported.

Research Results
Source: JPCERT/CC, Telecom-ISAC Japan
Research period: April 1, 2005 - May 12, 2005

                      Total                          Ave. (per day)
           Kinds of malware  No. of malware   Kinds of malware  No. of malware
               detected         detected          detected         detected
Unknown          2,938            3,537             70.0             84.2
Known              767           28,309             18.3            674.0
Total            3,705           31,846             88.2            758.2

Anti-Bot Countermeasure in Japan
Joint Project for Anti-Bot Countermeasures

FY2006, MIC and METI started a joint project for “Anti-Bot countermeasures.”
The objective of the project is to
- Prevent infections: in cooperation with anti-virus software vendors.
- Block spam mails and cyber attacks from bot-infected computers by reducing number of bot-infected users in Japan: in cooperation with ISPs.

“…the government will make efforts…with the purpose of reducing the number of individuals who feel insecure about IT use as close as possible to zero by the beginning of fiscal 2009.”
---Information Security Policy Council, “The First National Strategy on Information Security”, Feb. 2, 2006

Anti-Bot Countermeasure in Japan
Organizational Structure

CCC Steering Committee
Organized by MIC & METI

- Group on Operating Anti-Bot Systems: Organized by
- Group on Analyzing Bot Programs: Organized by
- Group on Preventing Bot Infection: Organized by

Partner ISPs: BIGLOBE, DION, Hi-ho, IIJ, @nifty, OCN, ODN, Yahoo BB
Partner Bot Analysis Company: Trend Micro
Partner Anti-Virus Software Vendors: SOURCENEXT, Trend Micro, Microsoft, McAfee, Symantec

Satoshi MURAKAMI
Deputy director, IT Security Office
Information and Communications Policy Bureau
Ministry of Internal Affairs and Communications (MIC)

Ⅱ. Anti-Bot Countermeasures in Japan
   e. Workflow
   f. Current Results
   g. Next step toward enhancing our project
Ⅲ. MIC’s Information Security Policy

(cont’d)

Anti-bot Countermeasures

Launched our project “anti-bot countermeasures”
- Collaboration among 2 ministries (MIC and METI), 8 Internet service providers (currently), Antivirus vendors, etc.
- From FY 2006 to 2010
- Main purpose: To reduce the number of bot-infected users
・Our portal site: Cyber Clean Center
https://www.ccc.go.jp/

Anti-bot countermeasures - Workflow

[Diagram labels:]
- Super Honey Pots
- PCs infected by Bot programs
- Bot program: DDoS, Spam e-mail
- Dynamic & statistic analysis
- Information on attack sources
- Create Bot removal tool as known “CCC cleaner”
- Detect infected PCs and users
- Recommend to install the CCC cleaner
- Access to our portal site
- Download the CCC cleaner
- Download for free!!
- ISP
- CCC.GO.JP
[Step markers in the diagram: ①, ②, ②’, ③, ④, ➄]

Current results

- 57,000: downloaded our removal tools
- 29,000: Bot programs can be removed by commercial antivirus software
- 1,300: Bot programs reflected in our removal tools (hash unique)
- 31,000: trapped Bot programs (hash unique)

Total (round off for ease of understanding) from Dec. ’06 to Mar. ’07

Next step in enhancing our project

- Change the composition of honeypots
- Broaden the reach of ISPs
- Build a closer relationship with global partners
- Inform the public about anti-malware measures

Other activities for ICT Security in MIC

- Bolster the information sharing and analyzing activities among telecommunications companies → Telecom-ISAC Japan
- Promote R&D for the Information security
- Strengthen educational activities of the Information security for Internet users
- Enhance the development of human resources for the Information security

What is the Telecom-ISAC JAPAN?

●Japan’s first ISAC established in July 2002.
●Members including telecommunications carriers collect, analyze and share information and take timely measures to ensure trouble free and stable operations of services.

Members
Pres.: KDDI Corp.
VP’s: NTT Communications Corp., NIFTY Corp.
Members: NEC Corp., SOFTBANK TELECOM Corp., Internet Initiative Japan Inc., Hitachi, Ltd., Matsushita Electric Industrial Co., Ltd., Oki Electric Industry Co., Ltd., SOFTBANK BB Corp., Yokogawa Electric Corp., Matsushita Electric Works, Ltd., NTT NaviSpace Corp., NIPPON TELEGRAPH AND TELEPHONE EAST Corp., NIPPON TELEGRAPH AND TELEPHONE WEST Corp., NTT VISUAL COMMUNICATIONS Corp., NIPPON TELEGRAPH AND TELEPHONE Corp.
Alliance members: Little eArth Corporation Co., Ltd., Intec NetCore Inc., Trend Micro Inc., Internet Security Systems K.K.
Observers: Ministry of Internal Affairs and Communications, National Institute of Information and Communications Technology, etc

Main activities of WG
- Responses to DDoS attacks
- Wide area monitoring
- Monitoring of BGP routing information
- Measures to counter Antinny
- Measures to counter Bot program / Operation of the website CCC
- etc

https://www.telecom-isac.jp/

Mid-and-long term policy objectives

The Japanese government
Based on the First National Strategy on Information Security, the government aims to make Japan an “information security advanced nation”

The Ministry of Internal Affairs and Communications
“Establish the trusted network we can use easily, safely and securely”

Please address any questions you may have to・・・

E-mail addresses:
itsecurity@ml.soumu.go.jp
voice@ccc.go.jp

URLs:
http://www.soumu.go.jp/english/index.html
http://www.meti.go.jp/english/index.html
https://www.ccc.go.jp