Malware-tracking portal helps Australian ISPs trace bots to device level

Australian Internet service providers (ISPs) will be able to get device-level information about malware infections on their customers' computers after the Australian Internet Security Initiative (AISI) launched an online portal into its expanding malware database.

AISI, run by the Australian Communications and Media Authority (ACMA), has been collecting details of malware compromises from a range of sources since 2005. Some 17 organisations currently contribute to the program, including Microsoft, The Shadowserver Foundation and security research group Team Cymru.

The AISI program currently has some 139 participants and collects around 70,000 'observations' of malware every day. While the program is “by its very nature retrospective”, ACMA Internet Security Programs section manager Julia McKean said, “it should inform and cultivate solutions for the future.”

The new portal – to which one-third of AISI participants had already signed up at its launch today – is one such solution, notable not only because it provides better visibility into existing alerts but also because it can identify with far greater granularity which device on a particular network has been infected with malware.

This is a big change from the AISI service's previous design, in which observations were limited to a particular IP address and offered no additional information about which device on a home network was the subject of the malware alert.

“Growth in home networks and business networks in Australia – and in the number of devices attached to a network, such as smartphones, tablets, game consoles – make identifying an infected device much more difficult,” ACMA chairman Chris Chapman said in a statement.

Chapman cited ACMA research suggesting that around half of households, 56 percent of small businesses and 74 percent of medium-sized businesses have networks with five or more devices connected to the Internet.

Many of those devices are outdated, running old and unpatched versions of software or even entire operating systems, such as Windows XP, that are no longer officially supported.

This growing demographic makes device-level malware tracking more important than ever, Chapman said. For this reason, the new AISI portal “is local network aware,” he continued.

“It recognises the multiple devices connected to local networks. For the first time, it now provides internet service providers with detailed information about an infection that can determine the problem device within a home or business network.”

That information will help participating ISPs become more proactive in their malware response, contacting customers when malware infections are detected.

“It's important that we recognise that Internet use for home and small business users has evolved exponentially since the early days of the AISI,” McKean said.

“That is why the AISI has needed to move with the times. It's likely, with the emergence of smartphones, that many more home appliances will be Internet contactable – and that this will be a continuing theme into the future. And there's no doubt cyber criminals will continue to keep us on our toes.”

The new portal complements AISI-informed services including ACMA's Phishing Alert Service – which has handled nearly 31,100 phishing reports since January this year – and a spam compliance program that supports spam enforcement for a range of public and private-sector agencies.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
