Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

ISPs should quarantine infected computers, researchers say

Lucian Constantin | June 4, 2014
Forcing users to clean their infected computers on an ongoing basis would be more disruptive to cybercriminals than botnet takedowns, some security researchers say.

Isolating infected computers and forcing their owners to take action is a good idea that could affect the cybercriminal ecosystem as a whole, said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, Tuesday via email. "These compromised computers are the most precious assets for cybercriminals. The smaller their number, the lower the revenue for crooks and the smaller the incentive to keep infecting random computers."

Some ISPs might not be able to take such actions because of local legal frameworks and privacy-related reasons, but if a significant number of them start doing it, botnets could become much smaller, restricting their operators' ability to invest in new command-and-control infrastructure or new attacks.

There are a number of issues that ISPs might face when implementing such a program, Botezatu said. "For instance, their customer base might complain that their traffic is being inspected or that they have lost connectivity when they needed it most. The initial investment for a malicious traffic pattern monitoring technology on the ISP's side could also be one of the factors that would postpone its implementation."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.