Botnet Statistical Analysis Tool for Limited Resource Computer Emergency Response Team

Botnet is recognized as one of the fastest growing threat to the Internet and most users do not aware that they were victimized. ThaiCERT is one of many computer emergency response teams that have limited resources in term of budget to monitor and handle this kind of threat. An interim solution for teams with limited resource is to subscribe to the Shadowserver Foundation´s mailing list instead of deploying their own capturing and monitoring tools. The valuable information from the Shadowserver Foundation in form of plaintext e-mails may be difficult to manage and analyze. However, there is a need to analyze information provided by the Shadowserver Foundation to be able to efficiently handle botnet´s incidents for our own constituency. In this manuscript, we present our approach to handle the botnet threat using available information from the Shadowserver Foundation and describe our automate tool using by our incident handling team. Finally, we present our statistical data on botnet´s threat in our constituency over the last two years.