Imperva applauds IIA plans to quarantine zombie-infected Internet connections
Imperva has backed the Australian Internet Industry Association (IIA) initiative to encourage ISPs nationwide to adopt a new voluntary code of conduct on cyber security.
Along with educating and better protecting customers, ISPs are also being asked to temporarily quarantine those users whose computers are infected by zombie malware and are generating spam.
“This move is to be applauded and while it’s certain to generate an outcry from some quarters, will only temporarily block an infected user’s ability to generate spam. It won’t affect their ability to surf the Internet or access a Webmail account,” said Amichai Shulman, chief technology officer with Imperva.
He added: “The IIA says the code of conduct will give customers greater levels of confidence in the security of their Internet connections, as well as helping to reduce the levels of zombie infections actively connected to the Internet.”
According to Shulman, the introduction of the new code of conduct will encourage Australian ISPs to introduce network activity detection on their platforms, allowing them to identify abnormal traffic patterns from a subscriber’s IP address and take appropriate action.
If, as seems likely, the code of conduct is adopted by Australia’s ISPs, then it will almost certainly reduce the number and effects of zombie infections, which, the Imperva CTO says, are usually the result of a user clicking on an email link leading to an infected Web site.
According to Shulman, his company revealed last month that hackers had started infecting Web servers with a denial of service application that effectively transformed them into zombie drones.
“As I said at the time, these servers are controlled using a simple Web application, consisting of just 90 lines of PHP code, making them highly effective for the cybercriminals, since they offer criminals more horsepower and – typically – fatter pipes for throwing out spurious traffic,” he said.
“If, however, the ISPs are able to quarantine an IP address generating this type of spurious traffic, then the effects of a server-infection denial of service attack can be negated. It is to be hoped that, if Australia’s ISPs adopt this code of conduct, then it makes its way up to the ISPs in the northern hemisphere.”