Some 18 Australian ISPs, serving over 80 percent of internet users, have signed on to a new voluntary code of practice to limit the problem of "zombied" computers being run by internet users.
Launched by the Internet Industry Association (IIA) with the express blessing of the Australian Government, the "icode" [pdf] marked a world first initiative in repelling hordes of compromised machines on the net that may come under the control of criminals as part of a larger botnet.
The IIA was concerned that zombied computers could capture and forward passwords in session, send information to others without the knowledge of users, wipe information stored on machines or cause personal computers to attack other computer systems worldwide.
"Harnessing many thousands of zombied computers gives vast, hidden computing power to cybercriminals who are preying on internet users' inexperience or inertia," IIA chief Peter Coroneos said.
Coroneos expected participating ISP numbers to increase by the day. ISPs that had signed onto the code would display an "icode compliant" symbol on their websites.
"Significantly," Mr Coroneos added, "this initiative has been achieved without the need for legislation. ISPs themselves understand and support the need for action to be taken to enhance the security of Australian networks."
The program built on the Australian Internet Security Initiative (AISI) established by the Australian Communications and Media Authority which already had widespread industry support.
Coroneos said the icode took this work to the next level by codifying best practices and centralising resources for ISPs and their customers.
The two schemes were designed to work hand in hand, with AISI remaining a major source of intelligence to ISPs about possible network infections.
The icode consisted of four main elements:
- A notification/management system for compromised computers
- A standardised information resource for end users
- A comprehensive resource for ISPs to access the latest threat information
- A reporting mechanism in cases of extreme threat back to CERT Australia to facilitate a national high level view of attack status.
The icode website provided self help tools and cost effective professional help to users, including house calls from reputable service firms.
It meant that any user, should they be notified of a suspected compromise on their machine, could be confident a solution was readily at hand, Coroneos said.