M3AAWG Releases First Bot Metrics Directly From Network Operators, Offers Insiders’ View on the Pervasiveness of Malware
October 2014 by M3AAWG
Each month, over 1% percent of unique consumer network subscribers are identified as having some type of malware on their systems with service providers notifying 94 to 99 percent of those users about the problem, according to a report released today from the Messaging, Malware and Mobile Anti-Abuse Working Group. The new M3AAWG Bot Metrics and its ongoing reporting program is the first industry assessment that is based on data collected directly from service providers indicating what percentage of consumers are infected with malicious code.
"Since bots evolve so quickly and are designed to operate under the radar without being detected, it’s been difficult to accurately quantify the extent of the problem. And it’s hard to gauge the industry’s progress against a threat we can’t measure. But this report sheds new light on the issue because the data comes directly from network operators with the first-hand experience of identifying these threats in the wild. Going forward, these metrics will be an objective benchmark of how well the entire ecosystem is cooperating in fighting malware," said Chris Roosenraad, M3AAWG Chairman of the Board.
The M3AAWG Bot Metrics Report is based on aggregated monthly data voluntarily provided by network operators from multiple countries that is summarized by quarter. According to the report, operators found that .84 to 1.18 percent of unique subscribers were infected with malware in 2012. Over 99 percent of these subscribers were informed they had a bot, except during the third quarter when notifications fell slightly to 98.41 percent. The third quarter also was the lowest infection period reported in the 2012 metrics.
The bot rate in 2013 varied from 1.04 to .8 percent with an ongoing notification rate above 99 percent, except during the last quarter when operators informed 93.99 percent of their subscribers that they had malware on their computers. The fourth quarter also had the lowest 2013 rate of infection.
The first report covers a quarterly average of up to 43.5 million consumer connections. Each subscriber connection might represent more than one end-user or include multiple devices, indicating the actual number of users could be much higher. Since bot definitions can differ around the world, the data represents the total volume of malware, or malicious code, network operators discovered in processing subscribers’ email or other Internet activities during the month. The metrics will be updated periodically as part of the ongoing program and do not include enterprise business networks.
The initiative grew out of recommendations from the Federal Communications Commission’s 2012 CSRIC III Working Group 7, a voluntary joint industry-government effort that focused on raising awareness among network operators about proven practices to help mitigate bots on their system. M3AAWG members followed up on this 2012 work, investing over a year of their time to develop the measurement program, Roosenraad said.
M3AAWG has issued similar quarterly spam metrics since 2007 reporting the volume of abusive email identified by network operators. The M3AAWG Email Metrics Report has consistently shown that mailbox providers stop almost 90 percent of spam before it reaches end-users’ inboxes. The 2013 email metrics will be released at the M3AAWG 32nd General Meeting in Boston, October 20-23.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Mailchimp; Orange (NYSE: ORA) (EURONEXT: ORA); PayPal; Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; BAE Systems Detica; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Dyn; iContact/Vocus; Internet Initiative Japan (IIJ) (NASDAQ: IIJI); Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; Proofpoint; Scality; Spamhaus; Sprint; Symantec; tw telecom and Twitter.
A complete member list is available at http://www.m3aawg.org/about/roster.