The KEK Secure Network System was inaugurated in February 2009 to support the network and security infrastructure at KEK. Within this system, one of the effective countermeasures against security incidents is the monitoring of network traffic. The system reveals unsolicited activity that may be due to misconfigured systems or to malicious software such as worms, viruses, Trojan horses, or bots. Among these, bot infections are gradually increasing. Bot programs activate several automated malware programs. Computers infected by bots can be controlled by remote attackers and become "zombie computers." Once unsolicited activity is identified via monitoring, the traffic from the source computer is filtered semi-automatically by remote security operators, and the computer's connection to the KEK network is prohibited until its owner removes the bot program using anti-virus software. Thanks to this sequence of operations, a large number of bot infections have been avoided. However, since the tactics of attackers and the spread of bots have become deceptive and complex, our existing security countermeasures need to be extended.
(from 2009 KEK annual report)