November 7, 2005 2:19 PM PST

Australian ISPs tapped to kill zombies

The Australian government on Monday recruited five Internet service providers to hunt down virus-infected computers used to send spam or launch denial-of-service attacks from within the country.

These so-called zombie computers have been compromised by hackers, a computer virus, or a trojan horse, and perform malicious tasks of one sort of another, under the direction of the hacker. Many owners of zombie computers are unaware that their systems are zombies or that any hacker attack ever occurred.

Senator Helen Coonan, minister for communications, information technology and the arts, launched the Australian Internet Security Initiative (AISI), which is being run on a three-month trial basis by the Australian Communications and Media Authority (ACMA).

Anthony Wing, manager of the anti-spam team at the ACMA, said that the application, which took "some months" to build, can identify computers located in Australia that are being used for "illicit reasons."

"(The application) identifies IP addresses that have been used for illicit reasons; for example, spamming," Wing said. "There are a range of sensors...that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are, so (they) can contact them."

The five ISPs will regularly receive a list of IP addresses identifying those computers on their networks that have been demonstrating "zombie-like" behavior. The ISPs then will be responsible for contacting customers and helping disinfect their computers.

According to the ACMA, if the computer's owner is contacted by an ISP and is unwilling or unable to disinfect that machine, the ISP could remove the owner's connection to the Internet. "If the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved," the ACMA said in a statement.

Dennis Muscat, managing director of Pacific Internet, said customers usually have no idea their computer is infected. "Our experience has been that customers are usually completely unaware that their computer is compromised and they've been very grateful for the notification."

Adam Biviano, senior systems engineer at anti-virus firm Trend Micro said he is pleased that the government has awakened to the fact that zombie computers are a serious threat.

"[Zombie networks] are definitely the major cause of infection...ISPs need to get involved because it is their networks that are being used to launch the attacks. They definitely need to get involved and identify how their services are being used in this manner," Biviano said.

Lyn Maddock, acting chairperson of the ACMA, said the majority of spam is distributed by zombie computers, which have become a "major problem."

"There are millions of 'zombies' around the world and they have become a major problem on the Internet...Global software companies estimate that more than 60 percent of all global spam is now relayed via zombies and I am delighted that ACMA is working closely with ISPs and the public on addressing this issue," Maddock said in a statement.

Munir Kotadia of ZDNet Australia reported.

3 comments

Join the conversation!
Add your comment
start of a good trend
now that the ISP's are providing their members more and more with total security suites to protect against the whole gamut of internet plagues including zombies, worms, spam, malware, viruses, etc, it is far overdue that the ISP's no longer have anyone left to blame for such incidents beyond themselves. this is the healthy side to utilising your ISP's security suite: if it's ineffective at properly protecting your system, you cannot be blamed.
Posted by i_made_this (302 comments )
Reply Link Flag
Conspiracy theory 101
Conspiracy theory 101, certain secret departments, within the government spy organizations,will want these Zombies for their own nefarious ends, ie great for loading evidence on innocent victims of their own incompetence and create the new terrorist by supposition and imputation(al la De Menzes for the first 48 hours after his deliberate murder at Stockwell train station by serving police officer??? in the UK, then strangely the real truth has started to emerge at a snails pace since) Don't forget Aussie cops have the new shoot to kill anti- terror laws just passed with new amendments, to put back all that was taken out previously and a few new ones added for a generous measure(that sedition law section quite literally kills all forms of political parody!) Oh well, such is life!
Posted by heystoopid (691 comments )
Reply Link Flag
They're going about it the wrong way!
I think the major part of the problem is the following phrase:

>>>The five ISPs will regularly receive a list of IP addresses identifying those computers on their networks that have been demonstrating "zombie-like" behavior. The ISPs then will be responsible for contacting customers and helping disinfect their computers.<<<

I think they're taking the wrong approach. Why MUST they give the ISP's a list of zombied PC IP addresses? If the ISP's were the least bit responsible... they should already be monitoring their own users and thus know without being informed from elsewhere of what their users were doing and take the appropriate action which is disconnect them from the internet until they either fix the problem themselves or get somebody to help them clean up their PC.

What they need to be doing is to warn those ISP's that their internet license WILL be revoked if they don't get their $%#! together and become a responsible ISP... (* LOL *)

Because the problem is NOT so much that the users are unaware of it... but the ISP's are either unaware of it or are aware of it but don't want to do anything about it.

Bottom Line: Irresponsible ISP's breed irresponsible users!!!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.