I&JPN releases Framing Brief to improve the workflow of fighting botnets

Published on
October 4, 2022

The Internet & Jurisdiction Policy Network Domains & Jurisdiction Program has prepared a Framing Brief to help operators, law enforcement, security researchers and governments address the challenges of remediating botnets and the threats they pose.

The outcome was presented at a webinar on October 26, 2022.

A Botnet (short for “robot network”) is a network of servers and devices that have been targeted and infected by malware to put the network under the control of a single attacking party. The attacking party can use the computers on its botnet to carry out coordinated criminal action. The scale of a botnet enables the attacker to perform widespread malicious actions, such as phishing, spam delivery, or even denial of service attacks.

The I&JPN Framing Brief includes an overview of the cooperation and coordination challenges arising in the mitigation of botnets at a global scale and identifies key questions that need to be addressed.


Fighting botnets is a complex task requiring international cooperation. Those that are directly involved in botnet remediation may find this framing brief useful as a conversation starter on how international coordinated action and processes may be improved in the context of botnet remediation,” said Ajith Francis, Director, I&JPN, Policy Programs.

The Framing brief is structured into three sections: 

  • The current approach and its limitations: It provides a brief outline of the botnet remediation processes, including legal procedures, ICANN rules that apply to gTLD registries, and the challenges presented when international cooperation and coordination are required.

  • Potential avenues for moving forward: Drawing on the good practice already in place, the framing brief explores several avenues going forward. First, the scope of action is discussed detailing different options and approaches, including reservation and registration of domain names and sinkholing. Next, the section discusses the use of “evergreen language” in the ERSR requests and court orders.

  • Elements for further consideration: Finally the Framing Brief lists a number of additional elements that would benefit from further deliberation, particularly on: 1) how to facilitate a global emergency response mechanism 2) how to secure the cooperation of ccTLD operators, and how to address questions pertaining to 3) name collisions, and 4) secrecy.

There are botnet remediation action coordination and cooperation mechanisms, however, there are some good practices or aspects that could be improved and more widely used. Every step that can lead to a more effective and easier remediation action is a welcome development,” said Contact Group Coordinator, Brian Cimbolic, Vice-President and General Counsel, PIR.