Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Australia booting infected computers off their networks


The Australian has a good article describing the efforts some of their ISPs are making in an attempt to clean up their act: the government is encouraging ISPs to detect computers on their network that are infected and part of botnets, and to communicate to the customer that their system is compromised.  Here’s an excerpt:

COMPUTERS infected with viruses could be "expelled" from the internet under a new industry code to control Australia's plague of contaminated PCs.

The federal government has given the internet industry an operate-or-legislate ultimatum to identify "zombie" computers involved in cyber-crime.

The Internet Industry Association - whose members include major internet service providers Optus, Telstra, Vodafone, AAPT, Virgin and Hutchison 3G, as well as industry giants Facebook, Google and Microsoft - is preparing a voluntary industry code to come into force this year.

The move follows industry intelligence that Australia now hosts the world's third-highest number of "zombie" computers infected with malicious software that can attack other PCs, send spam, store child pornography or steal the user's identity.

A draft copy of the voluntary code says the ISPs should identify affected computers and try to contact the users, by phone or email.

It proposes ISPs apply an "abuse" plan to slow down the speed of the customer's infected computer, or to change the customer's password so they are forced to call the ISP help desk.

"(Another action could be to) provide the customer with a timeframe in which to take remedial access and, if this is not adhered to, terminate service."

The code states ISPs should cut off internet access only in the "most extreme of cases", when a customer had refused to install anti-virus software, or where the amount of spam being sent from the customer's account was clogging up the network.

I like the part above that I bolded.  It basically says that ISPs should take action to coerce the end user into fixing their system.  Unless the customer feels a little bit of pain they will not change their ways.  Having your password reset or having your speed slowed down (I assume it is the speed of the Internet connection; this is known as “throttling”) will certainly get a customer’s attention.

This has been part of my own thinking recently as I have attempted to revamp our own outbound spam process.  As I have been collecting requirements, one of my selling points has been that unless a customer feels some pain, they won’t address the root cause of their spam problem.  We fork our spam out to a different pool of IPs, and I find that there is an internal perception that this solves the problem of outbound spam for us.  It doesn’t; I want to go beyond the spam problem on our network and try to address the root cause – that the customer is part of a botnet, is running malware, and needs to clean it up.  Unless they have an incentive to clean it up (such as us shutting off their outbound mail relay privileges) there is insufficient motivation to actually do it.  Antispam zealots like me care about stuff like that, but average Joes aren’t into it so much.

Thus, the Australian code of conduct resonates with me.  Home users are probably going to be annoyed at being cut off, and many likely won’t know what to do in order to clean up their systems.  Still, it’s a good start: while it may degrade the user experience of the infected customer in particular, it should raise the user experience of the rest of the world in general.
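As an added illustration (not code from the original post or from the draft code itself), here is a small Python model of the escalation ladder the excerpt describes: contact first, then throttle, then a forced password reset, with termination reserved for an expired remediation timeframe or the "most extreme" cases. The two-week remediation window and the spam rate treated as "clogging the network" are assumed values chosen for the example.

```python
"""Escalating 'abuse plan' for an infected customer, modelled on the draft
Australian industry code. The remediation window and the 'clogging' spam
rate are constructed for this example, not taken from the draft."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import List, Optional, Tuple

class Action(Enum):
    NONE = "no action"
    NOTIFY = "contact customer by phone or email"
    THROTTLE = "slow down the customer's connection"
    RESET_PASSWORD = "reset password so the customer must call the help desk"
    TERMINATE = "terminate service"

REMEDIATION_WINDOW = timedelta(days=14)   # assumed timeframe given to clean up
CLOGGING_SPAM_PER_HOUR = 50_000           # assumed rate that 'clogs the network'

@dataclass
class Customer:
    account: str
    refused_antivirus: bool = False
    first_notified: Optional[datetime] = None
    step: int = 0   # 0 clean, 1 notified, 2 throttled, 3 password reset

def decide(c: Customer, infected: bool, spam_per_hour: int, now: datetime) -> Action:
    """Return the next action for one detection sample and advance the ladder."""
    if not infected:
        c.step, c.first_notified = 0, None   # cleaned up: forgive, do not blacklist
        return Action.NONE
    # Cut-off is reserved for the code's 'most extreme' cases.
    if c.refused_antivirus or spam_per_hour >= CLOGGING_SPAM_PER_HOUR:
        return Action.TERMINATE
    if c.step == 0:
        c.step, c.first_notified = 1, now
        return Action.NOTIFY
    if now - c.first_notified > REMEDIATION_WINDOW:
        return Action.TERMINATE              # timeframe given but not adhered to
    c.step = min(c.step + 1, 3)
    return Action.THROTTLE if c.step == 2 else Action.RESET_PASSWORD

def run(c: Customer, samples: List[Tuple[int, bool, int]]) -> List[Action]:
    """samples: constructed (day offset, infected?, spam/hour) observations."""
    start = datetime(2010, 6, 1)
    return [decide(c, inf, rate, start + timedelta(days=d)) for d, inf, rate in samples]

if __name__ == "__main__":
    # Constructed scenario: detected day 0, still infected on days 3 and 7, clean by day 10.
    for a in run(Customer("acct-1"), [(0, True, 200), (3, True, 300), (7, True, 250), (10, False, 0)]):
        print(a.value)
```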

  • Have you considered the HUGE amount of calls generated by a successful worm like Blaster?

    And why install an antivirus when the user could simply switch to something like macox or ubuntu?

  • I'd much rather have an ISP's phone go busy for a few days than have computers spawn their demon seed all over the network.

    EVERY computer is subject to viruses. EVERY computer. Now that PCs have started to make it much harder for viruses to spread, the hackers are turning to other platforms. I just read that iPhones from down under have been hit with a virus.

    Why not switch to something like ubuntu or macox (whatever flavor of the day that macox is)? Well, because I actually use my computer for more than web browsing.

  • Sounds like the start of a workable plan.  So the ISPs are going to start applying the equivalent of NAC, Network Access Control, to their customers.  Verify that the OS is patched up to date and the machine is running approved AM software, also up to date.  Sure there is overhead at logon time, but I'm willing to bet it would be less than supporting the current spam load.

    I hope that part of the remediation plan will be to support the users in cleaning up their machines.

    Allow the infected users to access help pages telling how to fix their machines, who they can contact in town to do it for them (advertising revenue potential), allow access to antimalware download sites.

    I hope it isn't allowed to turn into another "blacklisting" fiasco.  A site gets infected, is put on blacklist(s), is responsible and truly fixes the problem, then can't get off the blacklists.  The blacklisting companies' main response is "we don't have a procedure for taking you off the list until our spiders get around to rescanning your site in 6 months to a year.  BTW, sorry if you go out of business by then."

  • So make the ISP the IT support of their entire user base? Not the genius idea it seems at first...

    My (retired) parents have fast broadband (UK: 10Mbps down/512kbps up) and complain of slow response. Is that the creaky 2-year-old Vista laptop (now with 2GB RAM!) or the rubbish ISP with constant drop-outs and random throttling based upon physical address?

    I spent an hour calling my local ISP with feedback about my up/down speed, latency and DSL settings; they tinkered with the gains and other tweaks at their end, resulting in about 100% boost on my end (more down than up).

    Know your game and stick to your guns; is that fair on a pensioner whose first (and only) experience of computers was that the papers reported Colossus at Bletchley Park (UK) broke the German Enigma codes?

    Ubuntu was great until it bricked my laptop; go back to XP, everything's fine. Open- is lovely; just a pain in the arse!
