Feeds

ISPs turn blind eye to million-machine malware monster

Cablevision and Comcast coddling criminals?

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

A chief cause of rampant spam is the refusal of many ISPs to block port 25, which is commonly used for traffic being sent to remote mail servers. Baldwin, of myNetWatchman.com, says his own experience with Comcast is illustrative of the problem. As a security researcher, he regularly runs malware that sends Spam over the ISP's network.

"It was very depressing because I would purposely let things run for days and I would call Comcast abuse on myself," he explained. And yet, even after telling support people he had reason to believe he himself was sending huge amounts of spam, Baldwin was told there were no issues.

Finally, Baldwin woke up one morning to find his test machines could no longer send spam through the ISP, a development he saw as "an extremely positive step for Comcast." Alas, the change didn't last. Comcast inexplicably stopped the block, leaving Baldwin's machines free to spam once more.

Into the Rubber Room

One name you won't see rise to the top of any of these lists is Cox Communications, a US-based provider with 3.5m high-speed customers. In much the same way that hospitals put deranged patients in rubber rooms to protect them from doing harm to themselves or others, Cox quarantines infected customers into environments where internet access is severely limited.

That allows the customer to download antivirus software and other applications designed to clean up their systems, but prevents them from sending spam or connecting with nefarious servers that may be trying to siphon personal information.

"When you get a customer on the phone, sure they're angry at first that they're taken off line, but once they realize that someone else was in control of their computer - pulling their social security number and credit card number off their computer - they're generally pretty grateful," says Matt Carothers, a senior security engineer for Cox. "Taking people off line seems a little harsh, but when you get down to it, you're doing it for their own good, and most customers recognize that."

In 2004, Cox put about 22,500 customers into one of these padded rooms, compared with 8,000 in 2005 and 2,000 last year. The sharp decline is largely the result of mechanisms Cox has put in place that prevent many Trojans from being able to phone home to command and control servers. Cox only disconnects customers whose infections manifest in abusive behavior.

Another ISP that takes an active role in patrolling its network is Internet Texoma. With fewer than 10,000 subscribers, the managers from the rural North Texas provider are able to dote personalized attention on their customers in a way the eludes its larger competitors.

Several weeks ago, for instance, the company received data indicating that six of its subscribers were infected with malware related to Storm Worm that was causing them to send spam and actively try to infect others. By the end of the day, managers had helped two of them to disinfect their machines. The other four were not able to be reached, so Texoma disconnected those machines.

Choosing a cloud hosting partner with confidence

Next page: The Money Argument

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.