ISPs were urged on Monday to check their user traffic patterns to locate and shut down machines infected with the mass-mailing Sober worm. Although Sober is no longer trying to replicate, antivirus company F-Secure believes ISPs must warn infected customers so they can disinfect themselves.
“ISPs: we urge you to check your user traffic patterns. Locate the users that produce an unlikely large amount of constant hits to people.freenet.de, scifi.pages.at, home.pages.at, free.pages.at and home.arcor.de. Contact these users and let them know they are likely to be infected with Sober and they should clean up their act,” F-Secure said on its blog.
Computers infected by Sober are likely to contain spyware, or could have been turned into zombie PCs and used to send spam or launch denial-of-service attacks. They could also download a Sober update in the future, sparking another mass-mailing attack. F-Secure said ISPs should let customers know they have been infected automatically, and redirect users to sites so they can disinfect their machines.
AOL said it would not be contacting users, as it put more emphasis on prevention of infection through email filtering, and blocking links to certain Web sites. Users who had been infected had access to McAfee antivirus services, AOL said.
AOL’s corporatespeak answer about policing themselves is automatically suspect in my book. Add to that equation — crappy software from McAfee and it’s just another copout.
I find this strange, because if you go simply by AOL’s TV ads, you get the impression that it’s a security company and NOT an ISP. It’s all about protecting you and your kids from spyware, viruses, etc.
Thus it’s quite ironic that AOL refuses to alert users of known security problems.
AOL software is a virus by itself. tgcmd.exe aoltpspd.exe, aoltsmon.exe, acsud.exe, PortMagic, etc. I tried killing the processes of topspeed and tsmon, and they get recreated instantly.