[anti-spam-wg@localhost] TeliaSonera to block 'zombie pcs'
- Date: Tue, 4 Nov 2003 14:01:28 +0100 (CET)
Telia blocks spam-sending Zombie PCs
By Jan Libbenga
Posted: 04/11/2003 at 11:56 GMT
TeliaSonera, the leading telecommunications group in the Nordic and Baltic
regions, will start to immediately block Internet traffic to and from
computers that send junk email or spam, the company announced yesterday.
In order to prevent the rapid spread of spam and virus mails, the company
will block all Trojan-infected PCs without warning. TeliaSoneria is the
first ISP in Europe to take such drastic measures.
So far, most ISPs have only blocked Internet traffic to certain PC ports.
In the UK NTL last month started blocking port 135 traffic on its Internet
service. Port 135 is generally used for connections to Microsoft Exchange
servers on corporate networks, but it was also compromised by the Welchia
and Blaster worms.
A PC that is infected with a Trojan can send more than 100,000 spam
messages or viruses in a single day. A time lapse of two weeks between the
discovery and blocking of computers that send spam is therefore no longer
acceptable, TeliaSoneria says. The company emphasises that it is not
blocking computers on a permanent basis. Telia will offer assistance to
solve the problem and then remove the blocking procedure afterwards.
Whether it will prevent a complete swamping or inundation of viruses
remains to be seen. The recent Sobig.F mass-mailing virus literally carpet
bombed the internet, causing chaos on corporate networks. Shutting down
access to all these computers at the same time may not be possible.
TeliaSonera says that the number of customer complaints related to spam
and computer viruses has increased ten-fold from 300 to 3,000 every 24
hours, and that something needs to be done. "The Internet is easy to use,
but this constant flood of spam that we are now witnessing is creating
costs and problems for our customers and we won't accept it,' Marie
Ehrling, head of TeliaSonera Sweden, says.
John Leyden adds: Telia is taking a bold step but the policy should pay
off, so long as the company correctly identifies infected machines and is
responsive to customer requests to disinfect their PCs. A free AV tools
such as AVG from GRISoft is one of the more straightforward ways to
clean-up infected machines. We trust Telia's good sense will prevail in
temporarily allowing the infected onto the Net to download updates.
Alternatives, which normally involve using RegEdit to delete viral changes
to infected PCs, are hazardous.
Meanwhile what is Telia doing to put its own house in order?
Since March, Telia has used the Mail Abuse Prevention System (MAPS) to
block email from known senders of electronic junk mail. In addition, Telia
plans to introduce general protection against viruses in both incoming and
outgoing mail, as well as protection against spam in email that is
addressed to receivers outside its network.