The National Cyber-Forensics & Training Alliance (NCFTA) has established the Malware & Botnet Initiative to better understanding the technology and identifying individuals or groups who utilize malicious code to enable crimes.
The NCFTA maintains a collection of data regarding malicious code incidents, the network architecture being utilized to execute the schemes, and the communication channels implemented in these architectures. NCFTA technical teams analyze this data to, among other things, identify criminal hosting providers that allow malicious code to be distributed through their servers.
The data is also correlated with other datasets to link malicious code incidents with other cyber crimes, such as brokerage fraud, economic espionage, phishing and other types of credential theft. In doing so, the NCFTA seeks to identify trends or patterns within the data repository that will help to better detect such threats in the future and to assist in mitigation and neutralization efforts together with NCFTA partners.
NCFTA analysts also participate in a number of operational security communities and working groups that focus on cyber threats associated with malicious code. In doing so, NCFTA staff members seek to strike a delicate balance between monitoring for investigations and aggressive mitigation when appropriate, to protect partners and other U.S. economic interests.