Zombies: Oz takes the fight to ISPs

The Australian government on Monday recruited five ISPs to hunt down virus-infected computers used to send spam or launch denial of service attacks from within the country.

These so-called zombie computers have been compromised by hackers, a computer virus, or a Trojan horse, and perform malicious tasks of one sort or another, under the direction of the hacker. Many owners of zombie computers are unaware that their systems are zombies or that any hacker attack ever occurred.

Senator Helen Coonan, minister for communications, information technology and the arts, launched the Australian Internet Security Initiative, which is being run on a three-month trial basis by the Australian Communications and Media Authority (Acma).

Anthony Wing, manager of the anti-spam team at the Acma, said the application, which took "some months" to build, can identify computers located in Australia that are being used for "illicit reasons".

He said: "[The application] identifies IP addresses that have been used for illicit reasons; for example, spamming. There are a range of sensors... that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are, so can contact them."

The five ISPs will regularly receive a list of IP addresses identifying those computers on their networks that have been demonstrating "zombie-like" behaviour. The ISPs then will be responsible for contacting customers and helping to disinfect their computers.

According to the Acma, if the computer's owner is contacted by an ISP and is unwilling or unable to disinfect that machine, the ISP could remove the owner's connection to the internet. The Acma said in a statement: "If the computer remains a threat to other internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved."

Dennis Muscat, managing director of Pacific Internet, said customers usually have no idea their computer is infected. He said: "Our experience has been that customers are usually completely unaware that their computer is compromised and they've been very grateful for the notification."

Adam Biviano, senior systems engineer at antivirus firm Trend Micro said he is pleased the government has awakened to the fact that zombie computers are a serious threat.

Biviano said: "[Zombie networks] are definitely the major cause of infection... ISPs need to get involved because it is their networks that are being used to launch the attacks. They definitely need to get involved and identify how their services are being used in this manner."

Lyn Maddock, acting chairperson of the Acma, said the majority of spam is distributed by zombie computers, which have become a "major problem".

She said in a statement: "There are millions of 'zombies' around the world… Global software companies estimate that more than 60 per cent of all global spam is now relayed via zombies and I am delighted that Acma is working closely with ISPs and the public on addressing this issue."

Munir Kotadia writes for ZDNet Australia