isp's told they need to hunt down malware infected pc's

scootie · ‎03-11-2007

http://www.samknows.com/broadband/news/mps-tell-isps-to-filter-web-isps-say-erm-we-already-do-1121.h...

Quote
However, less to ISPs’ liking, the report also demanded that ISPs “immediately start the process of agreeing a voluntary code for detection of, and effective dealing with, malware infected machines in the UK. If this voluntary approach fails to yield results in a timely manner, then we further recommend that Ofcom unilaterally create such a code, and impose it upon the UK ISP industry on a statutory basis

MrC · ‎17-07-2008

Actually, using some form of pattern analysis to detect infected PCs would be a good idea (with some obvious safeguards). Many people never know their PCs have been subsumed into a botnet and just assume any slowdown or strange behaviour has a more benign reason. Even having up-to-date anti-virus doesn't guarantee protection so having the ISP's monitoring for out of the norm usage patterns makes sense - after all they are in the best place network-wise to spot this.

7up · ‎01-08-2007

Quote from: ASBO
http://www.samknows.com/broadband/news/mps-tell-isps-to-filter-web-isps-say-erm-we-already-do-1121.html
Quote
for detection of, and effective dealing with

Yeah see that bit worries me. Are they now saying ISPs should just hack into your computer to clean it up and do what they like with it?

I need a new signature... i'm bored of the old one!

VileReynard · ‎01-09-2007

So if, despite your best efforts, you become a victim then you would be harshly dealt with?

"In The Beginning Was The Word, And The Word Was Aardvark."

scootie · ‎03-11-2007

am not 100% certain of this but am sure i remember when a company did a survey of a botnet IE reverse engineered it and had control of it for awhile they relesed the IP addresses that was part of it and a PN IP was on there and i think i remember PN informed the customer.
EDIT.
Bingo new my mind wasnt playing tricks http://community.plus.net/blog/2008/05/01/title-tbc/

Quote
Some readers might also be interested to know that we located a handful of our own customers in the list of IP addresses identified by Amini and co.
We’ve since contacted those customers to let them know.

pierre_pierre · ‎30-07-2007

I believe that they have also had a problem with the way Madasafish works and have suspended some services for a period to sort out

SparckZero · ‎15-07-2009

Maybe a wireshark capture of some botnet traffic is in order so that it can be correctly identified and appropriately dealt with by the PN traffic management platform

Whilst ISPs are probably best placed to perform such an identification, I wouldn't even want to think what cost that would entail...
@okrzynska: I'm not sure that ISPs should hack into your computer to "deal with" such an infection - perhaps being placed into some kind of quarantine zone? Not sure how this would work, however...

pierre_pierre · ‎30-07-2007

PN has a system that does identify customers that are sending what appears to be Spam mail out and they do take action.

SparckZero · ‎15-07-2009

Indeed - I was aware of the outgoing spam mail detection (not through personal experience, for the record!) - but it would be interesting to see what else could be picked up.

pierre_pierre · ‎30-07-2007

I would think they have the capability to look at all outgoing mail, but not at your machine. From Bobs previous comments, any body who does access the info is subject to a recorded audit trail (like the Police - any one not entitled or does it incorrectly is liable to be dismissed)

VileReynard · ‎01-09-2007

They'd better have good cause - or they face getting sued.

"In The Beginning Was The Word, And The Word Was Aardvark."

MrC · ‎17-07-2008

Quote from: Axisofevil
So if, despite your best efforts, you become a victim then you would be harshly dealt with?

Nah, first off they could use those old pieces of technology called 'a letter' or 'a telephone' to let us know something might be amiss

If that failed to work then maybe something a bit more drastic might be called for.

VileReynard · ‎01-09-2007

They'd better be able to provide full details including dates, times, ip addresses etc
I bet they just send a frightening looking letter about courts, bailiffs beloved of shady debt collectors.

"In The Beginning Was The Word, And The Word Was Aardvark."

7up · ‎01-08-2007

See a phone call would be nice if they found something amiss but more drastic action like connection dropped, hacked etc would be a bit of an overkill unless the customer point blank refused to do anything. That being the case the customer is supporting the bots and allowing them to spread. To then disconnect them would be a wise idea. This however as are all government granted powers recently, is open to abuse.

I need a new signature... i'm bored of the old one!

VileReynard · ‎01-09-2007

Can I ask what these bots actually do?
This is a serious question - if I had a low-activity bot that just sent out a dozen spam emails every day, then in all honesty if that's all it did, why should I put myself out?
Unless consultancy fees are payable of course!!!