ISPs urged to quarantine infected computers
Forcing users to clean their infected computers on an ongoing basis would be more disruptive to cybercriminals than botnet takedowns
IDG News Service - The recent effort to disrupt the Gameover Zeus botnet includes plans for Internet service providers to notify victims, but some security researchers think ISPs should play an even bigger role in the future by actively quarantining infected computers identified on their networks.
Law enforcement agencies from several countries including the FBI and Europol announced Monday that they worked with security vendors to disrupt the Gameover Zeus botnet, which is estimated to have affected between 500,000 and 1 million computers.
"Individuals in the U.K. may receive notifications from their Internet Service Providers that they are a victim of this malware and are advised to back up all important information -- such as files, photography and videos," the U.K.'s National Crime Agency said in a statement on its website.
Notifying Internet users of malware infections, especially when their computers become part of known botnets, has become a relatively common practice for some ISPs in recent years.
For example, in the U.S., Comcast introduced security alerts for its Xfinity service subscribers back in 2010, while in Germany the government partnered with ISPs to notify users whose computers are infected with malware on an ongoing basis and help them clean their machines.
However, ISPs should take even a bigger role in the fight against botnets as "desperate times call for desperate measures," said Rik Ferguson, global vice president of security research at Trend Micro, Monday in a blog post.
Despite widespread media coverage of the Gameover botnet's takedown, press conferences by law enforcement agencies and security alerts issued by computer emergency response teams (CERTs), for the majority of Internet users "the story will just pass them by," Ferguson said.
The researcher argues that even those users who do normally pay attention to IT security-related news might grow tired of learning of the multitude of data loss incidents and eventually might cease to care, which is why a more aggressive approach is needed.
"ISPs on an on-going basis should take advantage of the threat intelligence feeds of the security industry to identify compromised systems connected to their networks," Ferguson said. "Those systems should be moved to quarantine, the account owners should be contacted and directed to resources which will enable them to clean up and rectify the situation. Until such time as the infection is remediated the computer should be able to access only limited Internet resources. Don't care will be made to care."
A computer infected with malware is a threat not only for its owner, but for other Internet users as well in a similar way in which a defective car endangers its driver and everyone else on the road. That's why cars are subject to an annual check, Ferguson said.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts