{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T06:07:23Z","timestamp":1763705243950,"version":"3.41.0"},"reference-count":117,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2017,1,2]],"date-time":"2017-01-02T00:00:00Z","timestamp":1483315200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Rutgers University, DIMACS","award":["2009-ST-061-CCI002-06"],"award-info":[{"award-number":["2009-ST-061-CCI002-06"]}]},{"DOI":"10.13039\/100000180","name":"U.S. Department of Homeland Security","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100000180","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100003246","name":"Netherlands Organisation for Scientific Research","doi-asserted-by":"crossref","award":["628.001.022"],"award-info":[{"award-number":["628.001.022"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2017,12,31]]},"abstract":"<jats:p>Cybercriminal activity has exploded in the past decade, with diverse threats ranging from phishing attacks to botnets and drive-by-downloads afflicting millions of computers worldwide. In response, a volunteer defense has emerged, led by security companies, infrastructure operators, and vigilantes. This reactionary force does not concern itself with making proactive upgrades to the cyber infrastructure. Instead, it operates on the front lines by remediating infections as they appear. We construct a model of the abuse reporting infrastructure in order to explain how voluntary action against cybercrime functions today, in hopes of improving our understanding of what works and how to make remediation more effective in the future. We examine the incentives to participate among data contributors, affected resource owners, and intermediaries. Finally, we present a series of key attributes that differ among voluntary actions to investigate further through experimentation, pointing toward a research agenda that could establish causality between interventions and outcomes.<\/jats:p>","DOI":"10.1145\/3003147","type":"journal-article","created":{"date-parts":[[2017,1,3]],"date-time":"2017-01-03T13:18:41Z","timestamp":1483449521000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["Abuse Reporting and the Fight Against Cybercrime"],"prefix":"10.1145","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7000-8006","authenticated-orcid":false,"given":"Mohammad Hanif","family":"Jhaveri","sequence":"first","affiliation":[{"name":"Southern Methodist University, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Orcun","family":"Cetin","sequence":"additional","affiliation":[{"name":"Delft University of Technology, BX Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Delft University of Technology, BX Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tyler","family":"Moore","sequence":"additional","affiliation":[{"name":"The University of Tulsa, OK, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michel Van","family":"Eeten","sequence":"additional","affiliation":[{"name":"Delft University of Technology, BX Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,1,2]]},"reference":[{"unstructured":"AA419. 2016. Artists Against 419--AA419. Retrieved from https:\/\/www.aa419.org. AA419. 2016. Artists Against 419--AA419. Retrieved from https:\/\/www.aa419.org.","key":"e_1_2_1_1_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_2_1","DOI":"10.1145\/1299015.1299021"},{"unstructured":"Abuse Information Exchange. 2016. Abuse Information Exchange. Retrieved from https:\/\/www.abuse informationexchange.nl\/english. Abuse Information Exchange. 2016. Abuse Information Exchange. Retrieved from https:\/\/www.abuse informationexchange.nl\/english.","key":"e_1_2_1_3_1"},{"unstructured":"ACDC. 2016. Advanced Cyber Defence Centre. Retrieved from https:\/\/www.acdc-project.eu. ACDC. 2016. Advanced Cyber Defence Centre. Retrieved from https:\/\/www.acdc-project.eu.","key":"e_1_2_1_4_1"},{"volume-title":"Managing Information Risk and the Economics of Security","author":"Anderson Ross","key":"e_1_2_1_5_1"},{"unstructured":"Anti-Botnet-Advisory Centre. 2016. Anti-Botnet Advisory Centre. Retrieved from https:\/\/www.botfrei.de. Anti-Botnet-Advisory Centre. 2016. Anti-Botnet Advisory Centre. Retrieved from https:\/\/www.botfrei.de.","key":"e_1_2_1_7_1"},{"unstructured":"Manos Antonakakis and Yacin Nadji. 2013. Microsoft DCU\u2014strike three. Now what? Damballa Blog Retrieved from https:\/\/www.damballa.com\/microsoft-dcu-strike-three-now-what-2\/. Manos Antonakakis and Yacin Nadji. 2013. Microsoft DCU\u2014strike three. Now what? Damballa Blog Retrieved from https:\/\/www.damballa.com\/microsoft-dcu-strike-three-now-what-2\/.","key":"e_1_2_1_8_1"},{"volume-title":"Proceedings of the USENIX Security Symposium. USENIX, 491--506","year":"2012","author":"Antonakakis Manos","key":"e_1_2_1_9_1"},{"unstructured":"APWG. 2015. Anti-Phishing Working Group. Retrieved from http:\/\/www.antiphishing.org\/. APWG. 2015. Anti-Phishing Working Group. Retrieved from http:\/\/www.antiphishing.org\/.","key":"e_1_2_1_10_1"},{"unstructured":"APWG. 2016. Report Phishing\u2014APWG. Retrieved from https:\/\/apwg.org\/report-phishing\/. APWG. 2016. Report Phishing\u2014APWG. Retrieved from https:\/\/apwg.org\/report-phishing\/.","key":"e_1_2_1_11_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_12_1","DOI":"10.1109\/MSP.2015.110"},{"doi-asserted-by":"publisher","key":"e_1_2_1_13_1","DOI":"10.1145\/2046684.2046686"},{"unstructured":"BBC. 2014. Millions of German passwords stolen. Retrieved from http:\/\/www.bbc.com\/news\/technology-25825784. BBC. 2014. Millions of German passwords stolen. Retrieved from http:\/\/www.bbc.com\/news\/technology-25825784.","key":"e_1_2_1_14_1"},{"volume-title":"EXPOSURE: Finding malicious domains using passive DNS analysis. In NDSS.","year":"2011","author":"Bilge Leyla","key":"e_1_2_1_15_1"},{"volume-title":"Int. J. Commun. Law Policy 9","year":"2004","author":"Brenner Susan W.","key":"e_1_2_1_16_1"},{"unstructured":"Annemarie Bridy. 2015. A user-focused commentary on the TPP\u2019S ISP safe harbors. Stanford IP-Watch Blog. Retrieved from http:\/\/cyberlaw.stanford.edu\/blog\/2015\/11\/user-focused-commentary-tpp\u2019s-isp-safe-harbors. Annemarie Bridy. 2015. A user-focused commentary on the TPP\u2019S ISP safe harbors. Stanford IP-Watch Blog. Retrieved from http:\/\/cyberlaw.stanford.edu\/blog\/2015\/11\/user-focused-commentary-tpp\u2019s-isp-safe-harbors.","key":"e_1_2_1_17_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_18_1","DOI":"10.2139\/ssrn.2798304"},{"doi-asserted-by":"publisher","key":"e_1_2_1_19_1","DOI":"10.1145\/2488388.2488405"},{"doi-asserted-by":"publisher","key":"e_1_2_1_20_1","DOI":"10.1145\/1963405.1963436"},{"volume-title":"Proceedings of the 14th Annual Workshop on Economics of Information Security (WEIS\u201915)","year":"2015","author":"Cetin Orcun","key":"e_1_2_1_21_1"},{"volume-title":"Proceedings of the Workshop on the Economics of Information Security (WEIS'15)","year":"2014","author":"Chachra Neha","key":"e_1_2_1_22_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_23_1","DOI":"10.1007\/978-3-642-27576-0_25"},{"doi-asserted-by":"publisher","key":"e_1_2_1_24_1","DOI":"10.1016\/j.comnet.2011.07.018"},{"volume-title":"Proceedings of the 6th Conference on Email and Antispam (CEAS).","year":"2009","author":"Clayton Richard","key":"e_1_2_1_25_1"},{"volume-title":"Proceedings of the 9th Annual Workshop on the Economics of Information Security (WEIS\u201910)","year":"2010","author":"Clayton Richard","key":"e_1_2_1_26_1"},{"unstructured":"Conficker Working Group. 2011. Conficker working group: Lessons learned. Retrieved from http:\/\/www.confickerworkinggroup.org\/wiki\/uploads\/Conficker_Working_Group_Lessons_Learned_17_June_2010_final.pdf. Conficker Working Group. 2011. Conficker working group: Lessons learned. Retrieved from http:\/\/www.confickerworkinggroup.org\/wiki\/uploads\/Conficker_Working_Group_Lessons_Learned_17_June_2010_final.pdf.","key":"e_1_2_1_27_1"},{"unstructured":"Conficker Working Group. 2016. Conficker Working Group. (2016). Retrieved from http:\/\/www.conficker workinggroup.org. Conficker Working Group. 2016. Conficker Working Group. (2016). Retrieved from http:\/\/www.conficker workinggroup.org.","key":"e_1_2_1_28_1"},{"unstructured":"Cybercrime tracker. 2016. Cybercrime tracker. Retrieved from http:\/\/cybercrime-tracker.net. Cybercrime tracker. 2016. Cybercrime tracker. Retrieved from http:\/\/cybercrime-tracker.net.","key":"e_1_2_1_29_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_30_1","DOI":"10.1007\/978-3-642-39891-9_19"},{"doi-asserted-by":"publisher","key":"e_1_2_1_31_1","DOI":"10.5555\/2228340.2228349"},{"doi-asserted-by":"publisher","key":"e_1_2_1_32_1","DOI":"10.1145\/2663716.2663755"},{"doi-asserted-by":"publisher","key":"e_1_2_1_33_1","DOI":"10.1145\/2413296.2413302"},{"unstructured":"Europol. 2016. A Collective European Response to Cybercrime. Retrieved from https:\/\/www.europol.europa.eu\/ec3. Europol. 2016. A Collective European Response to Cybercrime. Retrieved from https:\/\/www.europol.europa.eu\/ec3.","key":"e_1_2_1_34_1"},{"unstructured":"Facebook. 2016. Threat Exchange\u2014Threat Exchange - Facebook for Developers. Retrieved from https:\/\/developers.facebook.com\/products\/threat-exchange. Facebook. 2016. Threat Exchange\u2014Threat Exchange - Facebook for Developers. Retrieved from https:\/\/developers.facebook.com\/products\/threat-exchange.","key":"e_1_2_1_35_1"},{"unstructured":"FBI. 2016. FBI Cyber Crimes Division. Retrieved from http:\/\/www.fbi.gov\/about-us\/investigate\/cyber. FBI. 2016. FBI Cyber Crimes Division. Retrieved from http:\/\/www.fbi.gov\/about-us\/investigate\/cyber.","key":"e_1_2_1_36_1"},{"volume-title":"Cyber Security 8 Malware Protection\u2014FireEye","key":"e_1_2_1_37_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_38_1","DOI":"10.1145\/2714576.2714579"},{"volume-title":"Update: Details on Microsoft Takeover. Retrieved July, 10 2014 from http:\/\/www.noip.com\/blog\/2014\/07\/10\/microsoft-takedown-details-updates\/.","year":"2014","author":"Goguen Natalie","key":"e_1_2_1_39_1"},{"unstructured":"Google. 2016a. Google Developers\u2014Safe Browsing API. Retrieved 2016 from https:\/\/developers.google.com\/ safe-browsing. Google. 2016a. Google Developers\u2014Safe Browsing API. Retrieved 2016 from https:\/\/developers.google.com\/ safe-browsing.","key":"e_1_2_1_40_1"},{"volume-title":"Retrieved","year":"2016","key":"e_1_2_1_41_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_42_1","DOI":"10.1109\/HICSS.2001.927045"},{"key":"e_1_2_1_43_1","first-page":"163","article-title":"Civil cyberconflict: Microsoft, cybercrime, and botnets","volume":"31","author":"Hiller Janine S.","year":"2014","journal-title":"Santa Clara Comput. High Tech. LJ"},{"volume-title":"About\u2014Information Sharing and Analysis Center.","year":"2016","author":"ISAC.","key":"e_1_2_1_44_1"},{"volume-title":"Proceedings of the USENIX Security Symposium. USENIX Association.","year":"2011","author":"John John P.","key":"e_1_2_1_45_1"},{"volume-title":"Incident Response Made Better by Agile Robots. Retrieved from","year":"2016","author":"Kiuru Antti","key":"e_1_2_1_46_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_47_1","DOI":"10.1080\/00396338.2011.555595"},{"volume-title":"Washington Post","year":"2008","author":"Krebs Brian","key":"e_1_2_1_48_1"},{"unstructured":"Brian Krebs. 2010. Talking bots with Japan\u2019s \u201ccyber clean center.\u201d KrebsonSecurity Retrieved from http:\/\/krebsonsecurity.com\/2010\/03\/talking-bots-with-japans-cyber-clean-center. Brian Krebs. 2010. Talking bots with Japan\u2019s \u201ccyber clean center.\u201d KrebsonSecurity Retrieved from http:\/\/krebsonsecurity.com\/2010\/03\/talking-bots-with-japans-cyber-clean-center.","key":"e_1_2_1_49_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_50_1","DOI":"10.1007\/978-3-319-11379-1_1"},{"key":"e_1_2_1_51_1","doi-asserted-by":"crossref","first-page":"3","DOI":"10.7551\/mitpress\/5326.003.0005","article-title":"Why hackers do what they do: Understanding motivation and effort in free\/open source software projects","volume":"1","author":"Lakhani Karim R.","year":"2005","journal-title":"Perspect. Free Open Source Softw."},{"key":"e_1_2_1_52_1","first-page":"211","article-title":"Proactive botnet countermeasures--an offensive approach","volume":"3","author":"Leder Felix","year":"2009","journal-title":"Virtual Battlefield: Perspect. Cyber Warf."},{"volume-title":"Proceedings of USENIX Security","year":"2011","author":"Leontiadis Nektarios","key":"e_1_2_1_53_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_54_1","DOI":"10.1145\/2660267.2660332"},{"doi-asserted-by":"publisher","key":"e_1_2_1_55_1","DOI":"10.1145\/2872427.2883039"},{"doi-asserted-by":"crossref","unstructured":"Doug Lichtman and Eric Posner. 2006. Holding internet service providers accountable. Supr. Court Econ. Rev. (2006) 221--259. Doug Lichtman and Eric Posner. 2006. Holding internet service providers accountable. Supr. Court Econ. Rev. (2006) 221--259.","key":"e_1_2_1_56_1","DOI":"10.1086\/scer.14.3655313"},{"doi-asserted-by":"publisher","key":"e_1_2_1_57_1","DOI":"10.1016\/S1353-4858(10)70005-2"},{"volume-title":"Proceedings of the 4th USENIX LEET.","year":"2011","author":"Liu He","key":"e_1_2_1_58_1"},{"doi-asserted-by":"crossref","unstructured":"Jason Livingood Nirmal Mody and Mike O\u2019Reirdan. 2012. Recommendations for the Remediation of Bots in ISP Networks. RFC 6561 (Informational). Retrieved from http:\/\/www.ietf.org\/rfc\/rfc6561.txt. Jason Livingood Nirmal Mody and Mike O\u2019Reirdan. 2012. Recommendations for the Remediation of Bots in ISP Networks. RFC 6561 (Informational). Retrieved from http:\/\/www.ietf.org\/rfc\/rfc6561.txt.","key":"e_1_2_1_59_1","DOI":"10.17487\/rfc6561"},{"doi-asserted-by":"publisher","key":"e_1_2_1_60_1","DOI":"10.1111\/j.1467-8683.2007.00565.x"},{"unstructured":"Malware Must Die. 2016. Homepage. Retrieved from http:\/\/malwaremustdie.org Malware Must Die. 2016. Homepage. Retrieved from http:\/\/malwaremustdie.org","key":"e_1_2_1_61_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_62_1","DOI":"10.1016\/S1353-4858(10)70054-4"},{"volume-title":"Proceedings of the 17th USENIX Security Symposium.","year":"2008","author":"Panayiotis Mavrommatis Niels Provos","key":"e_1_2_1_63_1"},{"unstructured":"MDL. 2016. Malware domain List (MDL). Retrieved from http:\/\/www.malwaredomainlist.com. MDL. 2016. Malware domain List (MDL). Retrieved from http:\/\/www.malwaredomainlist.com.","key":"e_1_2_1_64_1"},{"volume-title":"M3AAWG best practices for the use of a walled garden","year":"2007","author":"Messaging Anti-Abuse Working Group","key":"e_1_2_1_65_1"},{"unstructured":"Leigh Metcalf and Jonathan M. Spring. 2013. Everything You Wanted to Know About Blacklists But Were Afraid to Ask. Technical Report. Software Engineering Institute\u2014Carnegie Mellon University. Leigh Metcalf and Jonathan M. Spring. 2013. Everything You Wanted to Know About Blacklists But Were Afraid to Ask. Technical Report. Software Engineering Institute\u2014Carnegie Mellon University.","key":"e_1_2_1_66_1"},{"volume-title":"the FBI, Europol and industry partners disrupt the notorious ZeroAccess botnet. (December","year":"2013","author":"Microsoft News Center","key":"e_1_2_1_67_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_68_1","DOI":"10.17487\/rfc6108"},{"volume-title":"Operation Tovar: The Latest Attempt to Eliminate Key Botnets. Retrieved","year":"2014","author":"Molloy Meaghan","key":"e_1_2_1_69_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_70_1","DOI":"10.1016\/j.ijcip.2010.10.002"},{"doi-asserted-by":"publisher","key":"e_1_2_1_71_1","DOI":"10.1145\/1299015.1299016"},{"doi-asserted-by":"publisher","key":"e_1_2_1_72_1","DOI":"10.1109\/ECRIME.2008.4696968"},{"volume-title":"Financial Cryptography and Data Security (Lecture Notes in Computer Science)","author":"Moore Tyler","key":"e_1_2_1_73_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_74_1","DOI":"10.1007\/978-3-642-03549-4_16"},{"doi-asserted-by":"publisher","key":"e_1_2_1_75_1","DOI":"10.1007\/978-0-387-09762-6_10"},{"key":"e_1_2_1_76_1","first-page":"45","article-title":"The impact of public information on phishing attack and defense","volume":"1","author":"Moore Tyler","year":"2011","journal-title":"Commun. Strat."},{"doi-asserted-by":"publisher","key":"e_1_2_1_77_1","DOI":"10.1162\/DAED_a_00116"},{"doi-asserted-by":"publisher","key":"e_1_2_1_78_1","DOI":"10.1145\/2508859.2516749"},{"doi-asserted-by":"publisher","key":"e_1_2_1_79_1","DOI":"10.1007\/978-3-642-39235-1_1"},{"unstructured":"National Council of ISACs. 2016. National Council of ISACs\u2014About NCI. Retrieved from http:\/\/www.nationalisacs.org\/about-nci. National Council of ISACs. 2016. National Council of ISACs\u2014About NCI. Retrieved from http:\/\/www.nationalisacs.org\/about-nci.","key":"e_1_2_1_80_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_81_1","DOI":"10.1145\/1135777.1135794"},{"doi-asserted-by":"publisher","key":"e_1_2_1_82_1","DOI":"10.1109\/ACSAC.2009.36"},{"unstructured":"Nicole Perlroth and David Gelles. 2014. Russian Hackers Amass Over a Billion Internet Passwords. Retrieved from http:\/\/nytimes.com\/2014\/08\/06\/technology\/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html. Nicole Perlroth and David Gelles. 2014. Russian Hackers Amass Over a Billion Internet Passwords. Retrieved from http:\/\/nytimes.com\/2014\/08\/06\/technology\/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html.","key":"e_1_2_1_83_1"},{"key":"e_1_2_1_84_1","doi-asserted-by":"crossref","first-page":"586","DOI":"10.58948\/2331-3528.1858","article-title":"Global cyber intermediary liability: A legal 8 cultural strategy","volume":"34","author":"Peterson Jason H.","year":"2014","journal-title":"Pace Law Rev."},{"unstructured":"PhishTank. 2016. PhishTank. Retrieved from https:\/\/www.phishtank.com\/. PhishTank. 2016. PhishTank. Retrieved from https:\/\/www.phishtank.com\/.","key":"e_1_2_1_85_1"},{"volume-title":"Proceeding of the 3rd USENIX Workshop on Hot Topics in Security (HotSec\u201908)","year":"2008","author":"Piatek Michael","key":"e_1_2_1_86_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_87_1","DOI":"10.1145\/2398776.2398821"},{"volume-title":"And the Gold Medal Goes to ...Finland! Retrieved Feburary 20","year":"2014","author":"Rains Tim","key":"e_1_2_1_88_1"},{"unstructured":"Anirudh Ramachandran David Dagon and Nick Feamster. 2006. Can DNS-based blacklists keep up with bots? In CEAS. Citeseer. Anirudh Ramachandran David Dagon and Nick Feamster. 2006. Can DNS-based blacklists keep up with bots? In CEAS. Citeseer.","key":"e_1_2_1_89_1"},{"unstructured":"Raytheon. 2016. Forcepoint. Retrieved from https:\/\/www.forcepoint.com. Raytheon. 2016. Forcepoint. Retrieved from https:\/\/www.forcepoint.com.","key":"e_1_2_1_90_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_91_1","DOI":"10.1109\/ecrime.2010.5706697"},{"doi-asserted-by":"publisher","key":"e_1_2_1_92_1","DOI":"10.14722\/ndss.2014.23233"},{"doi-asserted-by":"publisher","key":"e_1_2_1_93_1","DOI":"10.1109\/SP.2013.17"},{"unstructured":"SANS Institute. 2016. SANS Information Security Training. Retrieved from http:\/\/www.sans.org. SANS Institute. 2016. SANS Information Security Training. Retrieved from http:\/\/www.sans.org.","key":"e_1_2_1_94_1"},{"unstructured":"Shadowserver. 2016. Shadowserver Foundation. Retrieved from https:\/\/www.shadowserver.org. Shadowserver. 2016. Shadowserver Foundation. Retrieved from https:\/\/www.shadowserver.org.","key":"e_1_2_1_95_1"},{"volume-title":"Sixth Conference on Email and Anti-Spam (CEAS).","year":"2009","author":"Sheng Steve","key":"e_1_2_1_96_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_97_1","DOI":"10.1016\/j.ijcip.2013.01.002"},{"unstructured":"Spamhaus. 2016. Spamhaus Datafeed. Retrieved from http:\/\/www.spamhaus.org\/datafeed. Spamhaus. 2016. Spamhaus Datafeed. Retrieved from http:\/\/www.spamhaus.org\/datafeed.","key":"e_1_2_1_98_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_100_1","DOI":"10.1109\/INFCOM.2011.5935193"},{"volume-title":"Proceedings of the 4th USENIX Conference on Large-scale Exploits and Emergent Threats (LEET\u201911)","year":"2011","author":"Stone-Gross Brett","key":"e_1_2_1_101_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_102_1","DOI":"10.1109\/ACSAC.2009.29"},{"unstructured":"Stop Escrow Fraud. 2016. Home - Escrow Fraud Prevention. Retrieved from http:\/\/www.escrow-fraud.com. Stop Escrow Fraud. 2016. Home - Escrow Fraud Prevention. Retrieved from http:\/\/www.escrow-fraud.com.","key":"e_1_2_1_103_1"},{"unstructured":"StopBadware. 2016. Data Sharing Program. Retreived from https:\/\/www.stopbadware.org\/data-sharing. StopBadware. 2016. Data Sharing Program. Retreived from https:\/\/www.stopbadware.org\/data-sharing.","key":"e_1_2_1_105_1"},{"unstructured":"Symantec. 2016a. Blue Coat\u2014Network + Security + Cloud. Retrieved from https:\/\/www.bluecoat.com. Symantec. 2016a. Blue Coat\u2014Network + Security + Cloud. Retrieved from https:\/\/www.bluecoat.com.","key":"e_1_2_1_106_1"},{"unstructured":"Symantec. 2016b. Norton Safe Web. Retrieved from https:\/\/safeweb.norton.com. Symantec. 2016b. Norton Safe Web. Retrieved from https:\/\/safeweb.norton.com.","key":"e_1_2_1_107_1"},{"volume-title":"WEIS","year":"2013","author":"Tang Qian","key":"e_1_2_1_108_1"},{"unstructured":"The Shadowserver Foundation. 2014. GameoverZeus 8 Cryptolocker. Retrieved July 8 2014 from http:\/\/blog.shadowserver.org\/2014\/06\/08\/gameover-zeus-cryptolocker\/. The Shadowserver Foundation. 2014. GameoverZeus 8 Cryptolocker. Retrieved July 8 2014 from http:\/\/blog.shadowserver.org\/2014\/06\/08\/gameover-zeus-cryptolocker\/.","key":"e_1_2_1_109_1"},{"unstructured":"Michel van Eeten Hadi Asghari Johannes M. Bauer and Shirin Tabatabaie. 2011. Internet Service Providers and Botnet Mitigation: A fact-finding study on the Dutch market. (2011). Report prepared for the Netherlands Ministry of Economic Affairs Agriculture and Innovation. Retrieved from http:\/\/www.rijksoverheid.nl\/documenten-en-publicaties\/rapporten\/2011\/01\/13\/internet-service-providers-and-botnet-mitigation.html. Michel van Eeten Hadi Asghari Johannes M. Bauer and Shirin Tabatabaie. 2011. Internet Service Providers and Botnet Mitigation: A fact-finding study on the Dutch market. (2011). Report prepared for the Netherlands Ministry of Economic Affairs Agriculture and Innovation. Retrieved from http:\/\/www.rijksoverheid.nl\/documenten-en-publicaties\/rapporten\/2011\/01\/13\/internet-service-providers-and-botnet-mitigation.html.","key":"e_1_2_1_110_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_112_1","DOI":"10.1787\/241440230621"},{"unstructured":"Chris van\u2019t Hof. 2014. How the Dutch police and public prosecutor form smart coalitions against \u201cbad hosting\u201d. TekTok Retrieved from http:\/\/www.tektok.nl\/index.php\/2014-05-23-11-21-59\/147-8-5-how-the-dutch-police-and-public-prosecutor-form-smart-coalitions-against-bad-hosting. Chris van\u2019t Hof. 2014. How the Dutch police and public prosecutor form smart coalitions against \u201cbad hosting\u201d. TekTok Retrieved from http:\/\/www.tektok.nl\/index.php\/2014-05-23-11-21-59\/147-8-5-how-the-dutch-police-and-public-prosecutor-form-smart-coalitions-against-bad-hosting.","key":"e_1_2_1_113_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_114_1","DOI":"10.5555\/2372336.2372344"},{"unstructured":"Paul Vixie. 2014. Testimony of Paul Vixie before the subcommitee on crime and terorism united states senate committee on the judiciary - hearing on taking down botnets: Public and private eforts to disrupt and dismantle cybercriminal networks. Retrieved from http:\/\/www.judiciary.senate.gov\/imo\/media\/doc\/07-15-14VixieTestimony.pdf. Paul Vixie. 2014. Testimony of Paul Vixie before the subcommitee on crime and terorism united states senate committee on the judiciary - hearing on taking down botnets: Public and private eforts to disrupt and dismantle cybercriminal networks. Retrieved from http:\/\/www.judiciary.senate.gov\/imo\/media\/doc\/07-15-14VixieTestimony.pdf.","key":"e_1_2_1_115_1"},{"volume-title":"Black Hat USA","year":"2015","author":"Vixie Paul","key":"e_1_2_1_116_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_117_1","DOI":"10.1145\/2046707.2046763"},{"doi-asserted-by":"publisher","key":"e_1_2_1_118_1","DOI":"10.1145\/1458082.1458129"},{"volume-title":"The zeroaccess botnet: Mining and fraud for massive financial gain. Sophos Technical Paper","year":"2012","author":"Wyke James","key":"e_1_2_1_119_1"},{"doi-asserted-by":"publisher","key":"e_1_2_1_120_1","DOI":"10.1145\/1879141.1879148"},{"unstructured":"ZeusTracker. 2016. ZeuS Tracker at abuse.ch. Retrieved from https:\/\/zeustracker.abuse.ch. ZeusTracker. 2016. ZeuS Tracker at abuse.ch. Retrieved from https:\/\/zeustracker.abuse.ch.","key":"e_1_2_1_121_1"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3003147","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3003147","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:49:54Z","timestamp":1750218594000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3003147"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,1,2]]},"references-count":117,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,12,31]]}},"alternative-id":["10.1145\/3003147"],"URL":"https:\/\/doi.org\/10.1145\/3003147","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"type":"print","value":"0360-0300"},{"type":"electronic","value":"1557-7341"}],"subject":[],"published":{"date-parts":[[2017,1,2]]},"assertion":[{"value":"2015-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-01-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}