[security-alerts] FYI: Cox Tries to Erase Bots

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

>
>  --Cox Tries to Erase Bots
> (July 23 & 26, 2007)
> In an attempt to thwart botmasters, Internet service provider
> (ISP) Cox
> Communications has configured their DNS to redirect traffic trying to
> reach certain IRC channels to its own IRC server.  This is an attempt
> to prevent computers that are part of botnets from receiving
> instructions.  When the computers have been redirected, Cox's server
> attempts to remove the bot software.  The practice has raised ethical
> concerns.
> http://blog.wired.com/27bstroke6/2007/07/isp-seen-breaki.html
> http://www.heise-security.co.uk/news/93256
> http://www.computerworld.com/blogs/node/5908
> [Editor's Note (Pescatore): There does need to be some formalization
> about this kind of practice and there definitely needs to be up front
> notification to customers, but more of this needs to be done by ISPs.
> Most ISP contractual agreements contain terms of service clauses or
> acceptable use policies that essentially prohibit customers from
> participating in botnets. So, ISPs could simply terminate connectivity
> for any customers who are infested with botnets, but that is
> pretty much
> lose-lose for the ISP and their customers - most customers don't even
> know they have bots installed. More security services routinely built
> into the cloud is a good and needed thing - but up front notification
> to customers in advance is definitely required to give users choice to
> select an ISP who doesn't do so, if for some strange reason
> they prefer
> to be an active part of a botnet.]
>
>