Do ISPs Ignore Security Researchers Who Point Out Zombied Machines?

from the not-such-a-good-thing dept

Mon, Sep 10th 2007 1:03pm — Mike Masnick

Over the last few years, we've all heard stories about how organized crime groups have taken to using botnets of "zombied" computers to run all sorts of scams and spam campaigns. ISPs have been somewhat slow to react. While they try to use fairly blunt instruments, like cutting off certain ports, many don't seem to have a very good process in place for tracking down and stopping customers whose machines have become unwitting members in a botnet. In fact, security researchers are growing frustrated that when they come across evidence of a hijacked computer, ISPs don't respond at all when told that a customer is causing trouble. There certainly are a few ISPs that are careful to help get rid of botnets, doing things like quarantining or cutting off certain users from their internet access until their machines are cleaned up, but most of the bigger ISPs don't appear to do very much at all. Of course, there is the other side of this story -- which is that when ISPs may be too proactive, it can often snag people whose machines aren't actually doing anything wrong. But, it certainly seems like completely ignoring reports with evidence of a botnet may be going to the opposite extreme.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: botnets, isps, zombies

8 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Witty Nickname, 10 Sep 2007 @ 2:17pm

Of course they dont stop it
Can you imagine the bad P.R. of some novice computer user on TV saying "I don't have any viruses, my computer works, and they took down the internet I paid for."

In major metro areas they can probably choose between DSL and cable, if one of those choices cuts you off for having viruses (a LOT of people have viruses) which one is going to loose customers?
[ link to this | view in chronology ]
- Mike, 10 Sep 2007 @ 7:28pm
  
  Re: Of course they dont stop it
  Most TOS/AUP give the ISP the right to protect their network and cut the offending users internet off.
  I give our customers 5 working days to get their systems cleaned up, then if I do not see any improvement, I cut them off until they can prove to me their are clean.
  [ link to this | view in chronology ]
Name, 10 Sep 2007 @ 2:24pm

Maybe send them an email notification or phone call. I would think most people would try to fix it. Better than not telling them at all.
[ link to this | view in chronology ]
Lee, 10 Sep 2007 @ 2:35pm

dumbass system admins
They just don't care and the problem goes beyond identifying bots in their systems. When bots send spam they forge the sender. They have done that forever and yet mail that can't be delivered gets "returned" to someone who never sent it because dumbass system admins just don't care. That multiplies the spam traffic on the net. You would think that these dumbass system admins could set up their mail daemons to verify that the IP of the sender actually matches the IP that sent the mail. They would only have to do this for mail being returned but, once they have identified a bot this way they could block that IP and stop all the spam coming into their system from that bot but, nooooo. Sysadmins are too busy being dumb.
[ link to this | view in chronology ]
Anonymous Coward, 10 Sep 2007 @ 2:49pm

I have an automated script that sends emails with complains to respective abuse@...... whenever it detects that somebody's trying to bruteforce my system. So far about 1-2% of the notified admins responded, and they have been real people, as opposed to corporations. China is notoriously bad at that: their abuse@... addresses often bounce saying "mailbox too full" ;)
[ link to this | view in chronology ]
MrGutts, 10 Sep 2007 @ 4:54pm

In short in the U.S., yes.. They are in the business to make money and not in the business to fix peoples computers..
[ link to this | view in chronology ]
chris (profile), 11 Sep 2007 @ 7:30am

three reasons it'll never happen
1) people refuse to take responsibility for their computers
2) people refuse to take responsibility for their actions
3) people refuse to take steps to mitigate the impact of 1&2

if people refuse to take responsibility for their actions, refuse to take responsibility for their computers, they will most assuredly refuse to take responsibility for their computer's actions.
[ link to this | view in chronology ]
Richard Ahlquist (profile), 11 Sep 2007 @ 12:42pm

Hell yes they ignore it
Check out prjects like Dshield or My Net Watchman, completely automated systems that watch for attacks and notify their ISP or owner of the attacking ISP. I have been a member of both and the sheer lack of response is repulsive. If my firewall detects 26,000 attempted varying ID's and passwords from an IP address then the blasted ISP should do something about it, but they DONT.
[ link to this | view in chronology ]