This last week I was among those at the “secretive conference” of security folks, ISPs and law-enforcement agents to discuss bots. Much like at last year’s VB conference, there was much discussion about the need for more cooperation and information-sharing between bot-fighters. Not just within the three groups but within each of the individual disciplines. People within all of the three groups were clear that none of us have all the pieces of the puzzle, and that in order for us to truly make a dent in the growth of bots and botnets, we need to share more of our information with each other.

There has been much made of turf wars within the bot herder community, but the more notable thing in terms of fighting these bots is actually how much they’re cooperating. We know they’ve been pooling resources to code their bots, but apparently they’re also sharing botnet resources quite widely (for instance, to take down a particularly robust website that they wish to attack).

There was a significant sense of frustration from all concerned about the lack of resources for the Good Guys, versus the rewards for the bot herders. Often an iron-clad case will be given to the relevant authorities, only to have the case go nowhere because the bot herders are minors and/or from a non-cooperative country.

The good news in all this is that, while things may look dim at times, events like these can and do create a lot of good connections in important places. It’s about getting the right information to the right people to not only take down isolated pieces of the puzzle, but larger and more significant chunks of the gangs behind this crimeware.