Feeds

ISPs turn blind eye to million-machine malware monster

Cablevision and Comcast coddling criminals?

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

A chief cause of rampant spam is the refusal of many ISPs to block port 25, which is commonly used for traffic being sent to remote mail servers. Baldwin, of myNetWatchman.com, says his own experience with Comcast is illustrative of the problem. As a security researcher, he regularly runs malware that sends Spam over the ISP's network.

"It was very depressing because I would purposely let things run for days and I would call Comcast abuse on myself," he explained. And yet, even after telling support people he had reason to believe he himself was sending huge amounts of spam, Baldwin was told there were no issues.

Finally, Baldwin woke up one morning to find his test machines could no longer send spam through the ISP, a development he saw as "an extremely positive step for Comcast." Alas, the change didn't last. Comcast inexplicably stopped the block, leaving Baldwin's machines free to spam once more.

Into the Rubber Room

One name you won't see rise to the top of any of these lists is Cox Communications, a US-based provider with 3.5m high-speed customers. In much the same way that hospitals put deranged patients in rubber rooms to protect them from doing harm to themselves or others, Cox quarantines infected customers into environments where internet access is severely limited.

That allows the customer to download antivirus software and other applications designed to clean up their systems, but prevents them from sending spam or connecting with nefarious servers that may be trying to siphon personal information.

"When you get a customer on the phone, sure they're angry at first that they're taken off line, but once they realize that someone else was in control of their computer - pulling their social security number and credit card number off their computer - they're generally pretty grateful," says Matt Carothers, a senior security engineer for Cox. "Taking people off line seems a little harsh, but when you get down to it, you're doing it for their own good, and most customers recognize that."

In 2004, Cox put about 22,500 customers into one of these padded rooms, compared with 8,000 in 2005 and 2,000 last year. The sharp decline is largely the result of mechanisms Cox has put in place that prevent many Trojans from being able to phone home to command and control servers. Cox only disconnects customers whose infections manifest in abusive behavior.

Another ISP that takes an active role in patrolling its network is Internet Texoma. With fewer than 10,000 subscribers, the managers from the rural North Texas provider are able to dote personalized attention on their customers in a way the eludes its larger competitors.

Several weeks ago, for instance, the company received data indicating that six of its subscribers were infected with malware related to Storm Worm that was causing them to send spam and actively try to infect others. By the end of the day, managers had helped two of them to disinfect their machines. The other four were not able to be reached, so Texoma disconnected those machines.

Beginner's guide to SSL certificates

Next page: The Money Argument

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?