November 7, 2005 2:19 PM PST
Australian ISPs tapped to kill zombies
These so-called zombie computers have been compromised by hackers, a computer virus, or a trojan horse, and perform malicious tasks of one sort of another, under the direction of the hacker. Many owners of zombie computers are unaware that their systems are zombies or that any hacker attack ever occurred.
Senator Helen Coonan, minister for communications, information technology and the arts, launched the Australian Internet Security Initiative (AISI), which is being run on a three-month trial basis by the Australian Communications and Media Authority (ACMA).
Anthony Wing, manager of the anti-spam team at the ACMA, said that the application, which took "some months" to build, can identify computers located in Australia that are being used for "illicit reasons."
"(The application) identifies IP addresses that have been used for illicit reasons; for example, spamming," Wing said. "There are a range of sensors...that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are, so (they) can contact them."
The five ISPs will regularly receive a list of IP addresses identifying those computers on their networks that have been demonstrating "zombie-like" behavior. The ISPs then will be responsible for contacting customers and helping disinfect their computers.
According to the ACMA, if the computer's owner is contacted by an ISP and is unwilling or unable to disinfect that machine, the ISP could remove the owner's connection to the Internet. "If the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved," the ACMA said in a statement.
Dennis Muscat, managing director of Pacific Internet, said customers usually have no idea their computer is infected. "Our experience has been that customers are usually completely unaware that their computer is compromised and they've been very grateful for the notification."
Adam Biviano, senior systems engineer at anti-virus firm Trend Micro said he is pleased that the government has awakened to the fact that zombie computers are a serious threat.
"[Zombie networks] are definitely the major cause of infection...ISPs need to get involved because it is their networks that are being used to launch the attacks. They definitely need to get involved and identify how their services are being used in this manner," Biviano said.
Lyn Maddock, acting chairperson of the ACMA, said the majority of spam is distributed by zombie computers, which have become a "major problem."
"There are millions of 'zombies' around the world and they have become a major problem on the Internet...Global software companies estimate that more than 60 percent of all global spam is now relayed via zombies and I am delighted that ACMA is working closely with ISPs and the public on addressing this issue," Maddock said in a statement.
Munir Kotadia of ZDNet Australia reported.
3 commentsJoin the conversation! Add your comment