Hackers use software programs to search the internet for computers that aren’t protected by up-to-date security software. When they find unprotected computers, they try to install malware that allows them to control the computers remotely. Many thousands of these computers linked together make up a “botnet,“ a network controlled by hackers to steal people’s personal information or send spam. Millions of home computers are part of botnets.

One strategy that has been successful in stemming the tide of botnets has been for private sector entities to voluntarily and timely detect and notify users that their machines have been infected. This voluntary notification has often come from the user’s Internet Service Provider (ISP) or another company with whom a user interacts very frequently. Once an ISP has detected a likely user security problem, it can inform the user of the steps he or she can take to address the problem. For example, the ISP could notify the user about a botnet infection and send him or her to a website with information to help clean up the computer.

The Departments of Commerce and Homeland Security have issued a Request for Information (RFI) asking about: the need for a voluntary code of conduct for consumer notifications about botnets; how private entities might help prevent and identify botnets; how to notify users about botnets; how to help promote incentives for companies to participate in voluntary notification efforts; and how to help build resources to help ISPs or other entities notify consumers.

You can read the RFI and learn how to file a comment here. Comments are due by November 4, 2011.