By Will Sturgeon, 14 March 2007 09:25
Ispa, the UK's internet service providers' association, will today make a presentation to the House of Lords science and technology committee on computer security and spam.
The session, which follows the submission of a written response, coincides with claims that the number of compromised PCs in the UK, the machines that make up botnets, has tripled over the past year.
And one security expert claims ISPs are still shirking their responsibilities.
Speaking about the growing problem of botnets and the deluge of spam they create, David Rand, CTO of security company Trend Micro, told silicon.com: "I absolutely believe this is the ISPs' responsibility. Yet top ISPs still aren't doing anything."
Rand said: "It's not like the ISPs can't tell this is going on. They can see all this on their networks."
Many leading ISPs currently refuse to take measures such as blocking port 25 traffic, a move which Rand claimed would affect very few users sending legitimate email while shutting off the port that compromised machines use to relay email across the internet.
And he expressed doubts that ISPs would ever volunteer such measures to legislators because they fear taking greater responsibility for the use of their networks and the implications of increased operating costs.
A spokesman for Ispa said it understands the majority of spam originates from compromised PCs connected to its members' broadband services - and those of other ISPs - often unbeknownst to customers. But he said it is not the ISPs' lone responsibility to solve the problem, suggesting legislation and end-user education are essential tools in the fight.
The Ispa spokesman told silicon.com: "No ISP wants to tolerate any criminal activity on their network."
He also denied suggestions ISPs have been slow or unwilling to act on the matter. "If there was a flick-switch solution to this, we would have done it," he said.
Trend Micro's Rand told silicon.com the number of infected PCs has tripled in the UK over the past year, according to his company's research.
This means more UK homes and businesses are operating compromised PCs which - as well as sending vast volumes of spam - could potentially be plundered for sensitive data such as passwords or bank details.
Rand told silicon.com one reason for the upsurge in rogue activity on European networks dates back to a major fibre cut between China and Taiwan in December 2006. At that time botnet activity switched dramatically from China to Europe within around six minutes, he said.
Rand said millions of infected machines in Europe were brought online by the criminals who control them remotely, showing not only a vast amount of redundancy built into these criminal networks but also "highly sophisticated" business continuity plans.
He said: "These criminals have a very advanced command and control structure. We've got a real challenge ahead of us to take that down. And we've not managed it yet."

Comments
There are 10 comments.
1. anonymous
Since only PCs running Windows can be turned into botnets...the solution seems obvious.
2. Bob
Umm... Why only Windows?
The only reason I can see for the prevalence of Windows-based botnets is the sheer number of Windows systems operated by naive users.
If everyone suddenly switched to some other OS, the botnets would target that - and naive users would still fail to patch their OS, keep their protection up to date, and would not see the risk in accessing the internet without an effective firewall.
What's the obvious solution that the whole industry has missed?
3. Tim Trent
Blocking port 25 is naive in the extreme. Mail servers should be properly secured instead of blocking port 25. That, surely, is the ISP's responsibility, not some damfool universal block?
All blocking port 25 does is annoy legitimate users who need to log on to their own mail servers and find that port 25 blocking means that they can't. The entire population that works at home a few days a week when their employer has no VPN (etc) to log in through will be affected by this knee-jerk measure.
If this is the best the industry can suggest then lord help us. Rand is plain wrong over this.
Do realistic and sensible things, certainly. Thinking properly would be a good start.
4. Charles Smith
The ISPs and Anti-SPAM organisations have had plenty of opportunity to deal with this issue. They have also spoken with both the House of Commons and the House of Lords when legislation was formulated. They both continue to wring their hands and say that nothing can be done. The answer is plain and straightforward. That is to charge a 1 cent per message email tax on each email message. If the message does not bear a certified email tax payment it should then just be dropped at the Internet Hubs.
The proceeds from the email tax could be used to fund development of the Internet.
A Spammer sending 10 Million SPAM emails would have to find $100,000 to despatch those messages.
With the current set up the SPAM companies have nothing to gain from supporting such a system as it would reduce their income.
5. Richard Marshall
Why not just, er, turn off your computer when it's not in use....?
It stops all malicious activity and saves energy. What could be simpler?
Right, that's home PCs sorted. Now, as for enterprise PCs, the same applies, turn them off at night if at all possible, install traffic monitoring to log suspicious nocturnal activity and keep on top of Security updates.
Oh, and maybe stop using MS Windows if that makes you more vulnerable...
6. Simon
To anonymous from Luton, you are wrong. Both Mac and Linux CAN be used as bots, it's just that it's a LOT harder and hasn't been achieved yet - why bother when there's a lot more easily compromised Windoze machines out there. I'm sure we will see it happen sooner or later, though more likely through social engineering methods than via software vulnerabilities.
Remember that for most users to do anything useful they have to be able to load and run software - thus providing an attack vector.
BTW - this isn't a "my Windows is fine blah, blah" message. I'm a Mac and Linux user - just not blind to the (albeit small) risk that our machines could potentially be used.
7. Tongue Incheek
We need the government to mandate an MOT style test for PCs. Once a month, the PC/Mac must connect for a day via a proxy that monitors what's coming out of it. The owner could choose not to send anything themselves and thus not reveal any of their personal communications. Anything else that looks like botnet activity would force an extended test, just to make sure and if it does prove to be so, the PC should be isolated (in network terms) until it is clean. A second offense should require the owner to be forced to use a low privilege (non-administrator account) and on a third offense, they should be upgraded to Linux but without a window manager.
8. Simpson Lawrence
To Charles Smith:
If you were right, Charles, then people would agree with you.
Email tax indeed. What are you smoking? How do you ever think this would (a) pay for itself and (b) not get diverted to central governments?
9. Charles Smith
Ah Mr Lawrence,
The debating tactic of personal attacks is reserved for those who have no strong counter argument. In fact a lot of people support the idea of the 1 cent email tax. I've taken the time to stand in front of the (APIG) Parliamentary Committee and presented my views. So please Mr Lawrence come out of the shadows and explain what your solution might be, if you have one?
Certainly the current reactive approaches to SPAM have failed to work.
10. BillK
User training is pretty much useless. The general public don't have the time or inclination to become computer techies. Anyway, MS has said that it is almost impossible to protect against some of the new rootkits and if infected, a disk wipe is the recommended solution.
I warn my friends and relatives, but to no avail. They want a computer that is like a tv or dvd player. You just switch it on and use it.
I only get called in when the pc slows down so much it is almost unusable or the screen gets covered with continuous popups that won't go away.
If ISPs slowed email down, or rationed an individual pc to, say, five emails per hour, (official mail servers excepted) that would at least stop the Spam floods that we are currently experiencing.