ACMA creates self-service portal for malware diagnosis

By on
ACMA creates self-service portal for malware diagnosis

Botnet cleaning made somewhat simpler for ISPs, network operators.

The Australian Communications and Media Authority has launched an online portal for ISPs and network operators to log-in and check which IP addresses on their network might be infected with malware. 

The new AISI (Australian Information Security Initiative) portal sources data on infected computers from 17 private sector organisations including Microsoft and The ShadowServer Foundation, which is then aggregated into a data set accessible by 139 internet service providers and educational institutions.

Over the last nine years, phishing alert data has been sent to ISPs and other network operators via emailed reports.

Julia Cornwell McKean, manager of ACMA’s internet security programs, told journalists in advance of yesterday’s launch event that the service will be more valuable on a ‘self-service’ basis.

ISPs and network operators can log-in to an internet-connected portal, written in Python and using the Django framework, to see a customised view of the infected machines found on their network, plus an aggregate view of infections across all 17 networks to get a sense of where the next threat might come from.

Yesterday, for example, Zero Access click fraud trojan is reported to the portal some 6000 times a day, the Conficker worm some 4000, and Zeus Trojan 3000 times per day.

“The object of the program is to identify compromised devices, so ISPs and consumers can remove infections,” she said. Often, she noted, infected hosts were older computers used by consumers or within small business, running unsupported operating systems and expired antivirus software.

Cornwell McKean said the ACMA was “open to taking [threat data] feeds from anyone that would complement our data sets.”

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?