Skip Navigation

Telia to block trojan-infected PCs
Tuesday 04 November 2003 17:31:00 by Sebastien Lahtinen

TheRegister is reporting that TeliaSonera, one of the largest telecommunications operators in Europe is introducing a policy to block all traffic to/from computers hosted on its network that send unsolicited bulk e-mail (spam).

The flood of viruses and spam has increased dramatically over the last few months because of the lack of security on most broadband connections, with many users not having any firewall software installed and not keeping their PC up-to-date (e.g. via Windows Update for Microsoft Windows). Fortunately new operating systems push users to set up automatic update schedules and have firewalls built in encouraging safer computing.

However this is not always enough as an average user is not necessarily careful enough with the content they download from the Internet. When a user is infected by a trojan, their PC can become an attack node to take down web sites or send untraceable junk e-mail. Over the last year, this has become an increasingly popular way for spam senders to combat the effect of blackhole lists which makes server operators take more care over insecure servers and open relays.

Telia have now decided that they've had enough of the tens of thousands of complaints being received about spam from their network and the delays that many users think are acceptable to fix compromised systems and have introduced a policy that blocks all connectivity to systems which are compromised. Admittedly it's a very strict approach that may make some customers who do not understand the importance of security turn away from the company but the move should also be applauded as an ISP deciding to take responsibility for the traffic that passes through their networks (to the extent of blocking traffic known to be harmful) and then advising their users how to disinfect their systems so that their connection can be enabled again.

"Broadband users who have infected systems, are largely unaware of the issues they are causing. Taking this type of unilateral action against them is likely to confuse the situation even further. At PlusNet we have been looking at more intelligent ways of alerting customers to such issues. We have already blocked the ports associated with the Trojans, and are now looking at methods of proactively directing customers to online content on how to patch their systems and the importance of installing firewalls and anti-virus software on their computers."

Ian Wild, PlusNet

UK ISPs have been careful in introducing measures to block or control traffic in general in an effort not to upset users but increasing numbers are looking to block traffic using more intelligent methods when it is obvious that a computer has been compromised as the costs of dealing with abuse reports are ever growing.

Are Telia going over the top or are they acting in support of the Internet community? Feel free to comment on our Security Related Issues forum. We think it's a step in the right direction in any case. [seb]


There are currently no comments about this news item.

You must be logged in to post comments. Click here to login.