
ISPs turn blind eye to million-machine malware monster

Cablevision and Comcast coddling criminals?


A chief cause of rampant spam is the refusal of many ISPs to block outbound port 25, the port commonly used for traffic sent to remote mail servers. Baldwin, of myNetWatchman.com, says his own experience with Comcast is illustrative of the problem. As a security researcher, he regularly runs malware that sends spam over the ISP's network.

"It was very depressing because I would purposely let things run for days and I would call Comcast abuse on myself," he explained. And yet, even after telling support people he had reason to believe he himself was sending huge amounts of spam, Baldwin was told there were no issues.

Finally, Baldwin woke up one morning to find his test machines could no longer send spam through the ISP, a development he saw as "an extremely positive step for Comcast." Alas, the change didn't last. Comcast inexplicably stopped the block, leaving Baldwin's machines free to spam once more.

Into the Rubber Room

One name you won't see rise to the top of any of these lists is Cox Communications, a US-based provider with 3.5m high-speed customers. In much the same way that hospitals put deranged patients in rubber rooms to protect them from doing harm to themselves or others, Cox quarantines infected customers into environments where internet access is severely limited.

That allows the customer to download antivirus software and other applications designed to clean up their systems, but prevents them from sending spam or connecting with nefarious servers that may be trying to siphon personal information.

"When you get a customer on the phone, sure they're angry at first that they're taken off line, but once they realize that someone else was in control of their computer - pulling their social security number and credit card number off their computer - they're generally pretty grateful," says Matt Carothers, a senior security engineer for Cox. "Taking people off line seems a little harsh, but when you get down to it, you're doing it for their own good, and most customers recognize that."

In 2004, Cox put about 22,500 customers into one of these padded rooms, compared with 8,000 in 2005 and 2,000 last year. The sharp decline is largely the result of mechanisms Cox has put in place that prevent many Trojans from being able to phone home to command and control servers. Cox only disconnects customers whose infections manifest in abusive behavior.
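The three defensive controls described in this article, blocking direct outbound port 25 from subscriber space while still allowing the ISP's own relay, cutting off known command-and-control destinations, and quarantining only hosts whose behaviour is actually abusive, can be modelled as a small flow-log policy. This is an added example, not code from any ISP named here; the address ranges, relay address, C2 entry and sample flows are all constructed placeholders.

```python
import ipaddress

# Constructed flow records (src_ip, dst_ip, dst_port, packets); not from any real ISP.
SAMPLE_FLOWS = [
    ("10.20.30.40", "198.51.100.25", 25, 3),   # subscriber -> arbitrary remote MTA
    ("10.20.30.40", "203.0.113.7", 25, 2),     # same host, another remote MTA
    ("10.20.30.40", "192.0.2.99", 25, 5),      # and a third: looks like a spambot
    ("10.20.30.40", "10.0.0.25", 25, 1),       # same host using the ISP relay (fine)
    ("10.20.30.41", "10.0.0.25", 25, 4),       # clean subscriber sending via the relay
    ("10.20.30.42", "192.0.2.66", 8080, 1),    # subscriber phoning home to a listed C2
]

SUBSCRIBER_NET = ipaddress.ip_network("10.20.30.0/24")  # hypothetical residential pool
ISP_MAIL_RELAY = ipaddress.ip_address("10.0.0.25")      # hypothetical ISP-run relay
KNOWN_C2 = {ipaddress.ip_address("192.0.2.66")}         # placeholder C2 address list
SMTP_DIRECT_THRESHOLD = 3  # distinct remote MTAs before a host counts as abusive


def classify_flow(src, dst, dport):
    """Policy decision for one flow: 'allow', 'block_smtp' or 'block_c2'."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in SUBSCRIBER_NET:
        return "allow"                 # policy applies to residential space only
    if dst_ip in KNOWN_C2:
        return "block_c2"              # stop the Trojan from phoning home
    if dport == 25 and dst_ip != ISP_MAIL_RELAY:
        return "block_smtp"            # direct-to-MX mail must go via the relay
    return "allow"


def quarantine_candidates(flows):
    """Hosts that keep hitting distinct remote MTAs directly: walled-garden candidates.

    Only hosts that cross the threshold are returned, mirroring the policy of
    disconnecting subscribers whose infection shows up as abusive behaviour.
    """
    remote_mtas = {}
    for src, dst, dport, _packets in flows:
        if classify_flow(src, dst, dport) == "block_smtp":
            remote_mtas.setdefault(src, set()).add(dst)
    return sorted(h for h, d in remote_mtas.items() if len(d) >= SMTP_DIRECT_THRESHOLD)


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow[:3], "->", classify_flow(*flow[:3]))
    print("quarantine:", quarantine_candidates(SAMPLE_FLOWS))
```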

Another ISP that takes an active role in patrolling its network is Internet Texoma. With fewer than 10,000 subscribers, the managers of the rural North Texas provider are able to give personalized attention to their customers in a way that eludes its larger competitors.

Several weeks ago, for instance, the company received data indicating that six of its subscribers were infected with malware related to Storm Worm that was causing them to send spam and actively try to infect others. By the end of the day, managers had helped two of them disinfect their machines. The other four could not be reached, so Texoma disconnected those machines.


Next page: The Money Argument
