It's time ISPs were held accountable!
The biggest threat on the Internet, by far, is the millions of end-user machines infected by a virus or trojan. It's the end result of someone clicking an attachment, running an infected file, or not applying the most recent security patch, and effectively handing their computer over to someone who is going to use it for nefarious purposes.
That person first copies all usable personal information off that computer (credit cards, accounts and passwords, etc.), then turns it into a Zombie (a machine waiting to be controlled). These Zombie machines are the individual units of much larger bot nets, and they are attacking in greater numbers than ever before.
Some of these bot nets number hundreds of thousands of machines and quite possibly are nearing a million. A bot net is controlled as a single computer. It's easily the world's largest multiprocessor server, and time on it is sold at a premium. Spammers are currently the biggest customers.
On an average day we see 30,000-100,000 zombied machines attempting to send us spam via a dictionary attack (each zombie seems to try about 1000 addresses). A dictionary attack is where spam is sent to thousands of common e-mail addresses in the hope that at least some of them will be real accounts.
In addition, we receive tens of thousands to hundreds of thousands of bounces a day because these same zombies try this on other mail services with one of our domains forged in the From line. Those other mail services send a "User Unknown" bounce for each of those dictionary-attack messages to the forged address in the From line. The end result is that we have had to deal with boatloads of message attempts a day, and we are just a small service.
It was like someone turned on a firehose. This was outright flattening our mail server, and none of it was legitimate traffic at all. I was forced to unplug the machine from the net and begin coding. Fortunately the zombies are easy to identify because they hit so hard and fast, and I was able to develop a real-time blocking script, but we still should not have to deal with these machines.
Even with blocking, we still must deal with a very large number of connection attempts by new zombies every day. They use up connections even though they are rejected. They can still hit the server with new attempts so fast that it's forced to stop accepting all connections, including legitimate ones. Why do we have to deal with this? Well, the answer is threefold.
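As an added example (not the author's blocking script, whose code the page does not show), here is the kind of rate-based detection the paragraphs above describe: count unknown-recipient rejections per client IP in a sliding window and flag hosts that walk through addresses far faster than any legitimate sender would. The Postfix-style log format, the thresholds and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed Postfix-style "User unknown" reject line; the page does not
# describe the author's mail server or its log format.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S+\[(?P<ip>[\d.]+)\]: 550 .*?<(?P<rcpt>[^>]+)>: Recipient address rejected"
)


def parse_ts(ts: str, year: int = 2005) -> datetime:
    """Syslog timestamps carry no year; assume one so times can be compared."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_dictionary_attackers(lines, threshold=20, window_s=60):
    """Return {ip: (distinct_rejected_rcpts, first_flagged_at)} for every client
    that produced >= threshold unknown-recipient rejections inside any
    window_s-second window. A zombie running a dictionary attack burns through
    many addresses in seconds; a legitimate sender mistypes one or two."""
    recent = defaultdict(deque)   # ip -> reject timestamps still inside the window
    rcpts = defaultdict(set)      # ip -> distinct addresses it has tried
    flagged = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue
        ip, t = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(t)
        rcpts[ip].add(m["rcpt"].lower())
        while (t - q[0]).total_seconds() > window_s:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = (len(rcpts[ip]), t)
    return flagged


def make_sample_log():
    """Constructed sample: one zombie walking a name list, one mistyped address."""
    fmt = ("Jul 17 03:12:{s:02d} mx postfix/smtpd[{pid}]: NOQUEUE: reject: RCPT from "
           "{host}[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown")
    lines = [fmt.format(s=i, pid=1234, host="unknown", ip="192.0.2.10",
                        rcpt=f"user{i}@example.net") for i in range(25)]
    lines.append(fmt.format(s=5, pid=1240, host="mail.example.org",
                            ip="198.51.100.5", rcpt="bob@example.net"))
    return lines


if __name__ == "__main__":
    for ip, (n, when) in find_dictionary_attackers(make_sample_log()).items():
        print(f"block {ip}: {n} unknown recipients tried, flagged at {when.time()}")
```

The flagged dictionary feeds whatever blocking mechanism the server uses (a firewall rule or an SMTP access map); the single-typo sender on 198.51.100.5 is never flagged.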
First, some end user, either through ignorance or deliberate avoidance, will always be letting their machine get infected by a trojan. Second, some criminal will always be sending out new trojans, each more highly evolved, all designed to build a huge "zombie bot net" that he can use and sell access to at his whim. And third, the ISPs who host these zombies will, through either apathy, ignorance, or deliberate avoidance, continue to let these machines run on their networks free from any consequences. It's a three-shot combo with no one accepting any responsibility, and as a result these machines are growing in number, not shrinking. This is wrong!
Something must be done about this; someone must be held responsible. It's not practical for those at the mercy of the zombies to go after each of the individual end users. We can't go after the person(s) controlling the zombies because no one knows who they are. That leaves the ISPs that are willingly, knowingly, and, it seems, gladly allowing these zombies to stay connected and do whatever they will. It's time they were held legally responsible for the damage they allow. They won't do it on their own, so they need to be forced to disconnect these infected machines.
It's time Comcast and Charter (to name the two biggest offenders; each knowingly allows hundreds of thousands of zombied machines free run of their networks) were sued for lost income, costs associated with cleanup, and other damages. Machines on their networks almost drove us into bankruptcy, and what was their response? None. We were completely ignored. Our logs of identified zombie machines on their networks were ignored. They do not care about the zombies on their networks, and they appear to have no intention of stopping them.
That is criminal, and something must be done to force these companies to disconnect the zombied machines from their networks. If nothing is done, they will soon be gladly hosting millions of trojaned machines, together able to flatten any service or server out there, including critical government security systems. Together they are possibly the world's largest supercomputer; that just takes an edit to the trojan code.
Yes, this trojaned army of machines will be used for terrorism some day. Think about it: a cluster of high-performance computers numbering over a million and acting as the world's largest supercomputer. Now realize that it is completely under criminal control. And Comcast, Charter, and other ISPs will likely still be helping them do it even after receiving early warning.
Am I angry about this? You bet! If I allowed even 10 machines on my network to be used to attack other networks and ignored people complaining about it, I'd lose my Internet access and probably go to jail. Why are Comcast, Charter, and other ISPs permitted to get away with allowing millions of machines on their networks to attack my servers, and to ignore me when I complain about it? That's a simple answer: it's because they have the money to make it difficult to fight them over it. But if something isn't done, and soon, we may all be very sorry.
/steve
Stephen K. Gielda
07/17/2005