ACMA: 30,000 Australian PCs infected every day

Powered by SC Magazine
 

Regulator working on new zombie-tracking portal for ISPs.

View larger image View larger image View larger image

See all pictures here »

Australia's communications regulator has reported that there are approximately 25,000 to 30,000 computers compromised by malware every day in Australia.

The Australian Communications and Media Authority (ACMA) expected the total number of infected machines in Australia this year to soar past four million.

Zombie computers, infected by malware or other exploits, are often part of a wider network of "botnets", used to commit cyber crimes such as spam, phishing, or denial of service attacks.

Information about these exploited machines is being tracked in Australia by the Australian Internet Security Initiative (AISI) and the spam intelligence database (SID). The AISI aggregates information from a number of sources to inform ISPs about the number of compromised computers.

The voluntary program has secured the participation of universities, 90 ISPs ( including the "big four") and hundreds of virtual ISPs, Chaffe said.

In the 2008/2009 financial year, the ACMA reported 1.57 million incidents, which almost doubled the following year to 4.09 million incidents, according to ACMA e-security operations staffer Mark Chaffe.

This will increase significantly in the 2009/2010 financial year, as some 25,000 to 30,000 new infected computers are being reported daily, Chaffe told attendees at the Ruxcon technical security conference in Melbourne on the weekend.

"In some ways it's fantastic because we're getting more coverage, finding more compromises," Chaffe told attendees.

"But the inverse of that [is that] it's a bit disheartening to know there's 25,000 to 30,000 compromised computers on the internet and it doesn't look like it's changing.

"It's just always ramping up."

ISP portal in development

The ACMA usually emails these reports to internet service providers, including a 'repeated sightings report' for computers that have been infected several times over a short period of time.

But iTnews can reveal that more detailed information will soon be made available to ISPs via a one-stop information portal.

The portal will provide additional information to ISPs on already reported compromises - the details of which is yet to be finalised. ISPs will also be able to update their IP address ranges on the portal.

A spokesman for ACMA told iTnews the data will not be offered on the portal in "real-time."

"There will be a delay from when the compromise is detected to when it will be available via the portal," he said. "The timing depends on the source."

The portal will be restricted to AISI participants oand will be password protected, amongst other security measures.

Other measures

The AISI program covers 90 percent of Australia's residential broadband customers, but the ACMA only sees the IP address and the time of the attack and sees no personal customer information, Chaffe said.

The regulator cannot force ISPs to take actions against customers, but Chaffe highlighted recent proposals by the IIA for ISPs to quarantine infected PCs in a "walled-garden" environment.

"It could be very restrictive, and [the subscriber] would have to call the ISP to get out," he said. "Or it may be as simple as to apply updates and escape out."

The other half of AISI is the spam detection program SID. By integrating the two, the ACMA can identify which computers and botnets are being used for spam.

SID currently receives about two million spam messages a day, sourced directly from the public.

Chaffe said this was especially valuable because important information can be extracted from the messages that made it through user's spam filters.

Copyright © iTnews.com.au . All rights reserved.


 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Do you direct debit customers? Read this
Oct 10, 2014
Authorities have been targeting direct debit practices with iiNet and Dodo receiving formal ...
Optus expands 4G coverage
Oct 10, 2014
If you rely on an Optus phone for work you might be interested to know that there are now 200 ...
Microsoft Office is now free for some charities
Oct 10, 2014
Microsoft has announced that eligible Australian non-profit organisations and charities can now ...
Vodafone lights up 4G in Adelaide
Oct 9, 2014
Live and work in Adelaide? Vodafone has switched on its 4G network in the city and suburbs.
Next year tradies will be able to take payments using ingogo
Oct 3, 2014
Ingogo is going to provide a card payment service for Xero users.
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 416

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 195

Vote