Do ISPs Ignore Security Researchers Who Point Out Zombied Machines?

from the not-such-a-good-thing dept

Over the last few years, we've all heard stories about how organized crime groups have taken to using botnets of "zombied" computers to run all sorts of scams and spam campaigns. ISPs have been somewhat slow to react. While they try to use fairly blunt instruments, like cutting off certain ports, many don't seem to have a very good process in place for tracking down and stopping customers whose machines have become unwitting members in a botnet. In fact, security researchers are growing frustrated that when they come across evidence of a hijacked computer, ISPs don't respond at all when told that a customer is causing trouble. There certainly are a few ISPs that are careful to help get rid of botnets, doing things like quarantining or cutting off certain users from their internet access until their machines are cleaned up, but most of the bigger ISPs don't appear to do very much at all. Of course, there is the other side of this story -- which is that when ISPs may be too proactive, it can often snag people whose machines aren't actually doing anything wrong. But, it certainly seems like completely ignoring reports with evidence of a botnet may be going to the opposite extreme.

Reader Comments (rss)

(Flattened / Threaded)

  1. identicon
    Witty Nickname, Sep 10th, 2007 @ 2:17pm

    Of course they dont stop it

    Can you imagine the bad P.R. of some novice computer user on TV saying "I don't have any viruses, my computer works, and they took down the internet I paid for."

    In major metro areas they can probably choose between DSL and cable, if one of those choices cuts you off for having viruses (a LOT of people have viruses) which one is going to loose customers?

    reply to this | link to this | view in thread ]

  2. identicon
    Name, Sep 10th, 2007 @ 2:24pm

    Maybe send them an email notification or phone call. I would think most people would try to fix it. Better than not telling them at all.

    reply to this | link to this | view in thread ]

  3. identicon
    Lee, Sep 10th, 2007 @ 2:35pm

    dumbass system admins

    They just don't care and the problem goes beyond identifying bots in their systems. When bots send spam they forge the sender. They have done that forever and yet mail that can't be delivered gets "returned" to someone who never sent it because dumbass system admins just don't care. That multiplies the spam traffic on the net. You would think that these dumbass system admins could set up their mail daemons to verify that the IP of the sender actually matches the IP that sent the mail. They would only have to do this for mail being returned but, once they have identified a bot this way they could block that IP and stop all the spam coming into their system from that bot but, nooooo. Sysadmins are too busy being dumb.

    reply to this | link to this | view in thread ]

  4. identicon
    Anonymous Coward, Sep 10th, 2007 @ 2:49pm

    I have an automated script that sends emails with complains to respective abuse@...... whenever it detects that somebody's trying to bruteforce my system. So far about 1-2% of the notified admins responded, and they have been real people, as opposed to corporations. China is notoriously bad at that: their abuse@... addresses often bounce saying "mailbox too full" ;)

    reply to this | link to this | view in thread ]

  5. identicon
    MrGutts, Sep 10th, 2007 @ 4:54pm

    In short in the U.S., yes.. They are in the business to make money and not in the business to fix peoples computers..

    reply to this | link to this | view in thread ]

  6. identicon
    Mike, Sep 10th, 2007 @ 7:28pm

    Re: Of course they dont stop it

    Most TOS/AUP give the ISP the right to protect their network and cut the offending users internet off.
    I give our customers 5 working days to get their systems cleaned up, then if I do not see any improvement, I cut them off until they can prove to me their are clean.

    reply to this | link to this | view in thread ]

  7. icon
    chris (profile), Sep 11th, 2007 @ 7:30am

    three reasons it'll never happen

    1) people refuse to take responsibility for their computers
    2) people refuse to take responsibility for their actions
    3) people refuse to take steps to mitigate the impact of 1&2

    if people refuse to take responsibility for their actions, refuse to take responsibility for their computers, they will most assuredly refuse to take responsibility for their computer's actions.

    reply to this | link to this | view in thread ]

  8. icon
    Richard Ahlquist (profile), Sep 11th, 2007 @ 12:42pm

    Hell yes they ignore it

    Check out prjects like Dshield or My Net Watchman, completely automated systems that watch for attacks and notify their ISP or owner of the attacking ISP. I have been a member of both and the sheer lack of response is repulsive. If my firewall detects 26,000 attempted varying ID's and passwords from an IP address then the blasted ISP should do something about it, but they DONT.

    reply to this | link to this | view in thread ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Insider Shop - Show Your Support!

Hide this ad »
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Hide this ad »
Recent Stories
Hide this ad »


Email This

This feature is only available to registered users. Register or sign in to use it.