Malware-tracking portal helps Australian ISPs trace bots to device level

Australian Internet service providers (ISPs) will be able to get device-level information about malware infections on their customers' computers after the Australian Internet Security Initiative (AISI) launched an online portal into its expanding malware database.

AISI, run by the Australian Communications and Media Authority (ACMA), has been collecting details of malware compromises from a range of sources since 2005. Some 17 organisations currently contribute to the program, including Microsoft, The Shadowserver Foundation and security research group Team Cymru.

The AISI program currently has some 139 participants and is collecting around 70,000 'observations' of malware every day. And while its nature means that it is “by its very nature retrospective”, ACMA Internet Security Programs section manager Julia McKean said, “it should inform and cultivate solutions for the future.”

The new portal – to which one-third of AISI participants had already signed up at its launch today – is one such solution, notable not only because it provides better visibility to existing alerts but that it is able to identify with far greater granularity which device on a particular network has been infected with malware.

This is a big change from the AISI service's previous design, in which observations were limited to a particular IP address and offered no additional information about which device on home networks had suffered the malware alert.

“Growth in home networks and business networks in Australia – and in the number of devices attached to a network, such as smartphones, tablets, game consoles – make identifying an infected device much more difficult,” ACMA chairman Chris Chapman said in a statement.

Chapman cited ACMA research suggesting that around half of households, 56 percent of small businesses and 74 percent of medium-sized businesses have networks with five or more devices connected to the Internet.

Many of those devices are old and outdated, running old and unpatched versions of software or even entire operating systems, such as Windows XP, that are no longer officially supported.

This growing demographic makes device-level malware tracking more important than ever, Chapman said. For this reason, the new AISI portal “is local network aware,” he continued.

“It recognises the multiple devices connected to local networks. For the first time, it now provides internet service providers with detailed information about an infection that can determine the problem device within a home or business network.”

That information will help participating ISPs become more proactive in their malware response, contacting customers when malware infections are detected.

“It's important that we recognise that Internet use for home and small business users has evolved exponentially since the early days of the AISI,” McKean said.

“That is why the AISI has needed to move with the times. It's likely, with the emergence of smartphones, that many more home appliances will be Internet contactable – and that this will be a continuing theme into the future. And there's no doubt cyber criminals will continue to keep us on our toes.”

The new portal complements AISI-informed services including ACMA's Phishing Alert Service – which has handled nearly 31,100 phishing reports since January this year – and a spam compliance program that supports spam enforcement for a range of public and private-sector agencies.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Enex TestLabACMAChris ChapmanCSO AustraliaAustralian Internet Security Initiative (AISI)malware infectionsdevice-level malwareAustralian ISPJulia McKeanMalware-trackingunpatched versions

More about Australian Communications and Media AuthorityCSOEnex TestLabe-SecurityMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts