For the last few years, I have been participating in a Department of Homeland Security sponsored effort to develop principles and applications for the evaluation of information and communication technology (ICT) research. If you are not familiar with the Menlo Report, you can find a description in Michael Bailey, David Dittrich, Erin Kenneally, and Douglas Maughan. The Menlo Report. Security & Privacy, IEEE, 10(2):71–75, March/April 2012.

I and two of my Menlo colleagues – Wendy Vischer and Erin Kenneally – recently taught a didactic course at the PRIM&R Advancing Ethical Research conference in San Diego. (PRIM&R is the conference for Institutional Review Board, or IRB, professionals, with the annual AER conference having thousands of attendees). Our course primarily described the Menlo Report process to date, but we concluded with a mock IRB committee review of a fictional proposed research project in which researchers develop countermeasures to malicious botnets in social network platforms like Facebook using a combination of deception to build a social network of over 1 million users and to then use “good bots” that infiltrate the “bad bots”. (Just so you know, I have been an affiliated scientist full member on one of the University of Washington’s IRB committees since 2009. I lend my expertise in data security to investigators in designing their research protocols and in committee discussions of research studies associated with the UW. I highly encourage other computer security researchers to do the same for their local research institutions with IRBs.)

Folks,

I would like to inform you all about our recent activities that we are attempting to achieve.

First of all, we have totally rebuilt our web site. This new ones aim to be a central repository of all the (external/internal) news concerning botnets (mainly) and malwares (secondary).
We will use the blog for posting about our project developments, and for commenting/reporting interesting news concerning the field that we are currently treating, so you can now add a new entry to your feeds reader :)
The repository section aims to maintain a complete library of all the publications redacted (by us or others) until today about botnets. Each one can be tagged and classified for giving an easy way for searching what a researcher needs. If you have a paper/doc about botnets, we will be proud to upload it here!
The Dorothy section is the web GUI of the framework developed by me about irc-botnet tracking through interactive visualization. Maybe you have seen it before (I’ve posted the link in this mailing list some months ago), since that I’ve improved the GUI adding a “malwares” task for each C&C, and providing an afterglow graph for each malware and for each C&C .
We are also maintaining a Wiki, here you can find all information about our tools/activities: you are all invited to contribute on it. The wiki has been recently “plugged” with the GUI giving the possibility to create a new page for each C&C, in this way, every researcher can write about his own investigation about it.