17 Sep 2013
By Alan Crouch

Malware suppression technology on the BigPond Network


Many of us have experienced the effects of a computer virus. Most of the time they can simply be annoying but sometimes they can have a more devious intent.

Research* shows that as many as 10 per cent of home networks are infected with malicious software (malware) and that 6 per cent of broadband users are infected with types of malware related to botnets (a collection of malware communicating to each other). Botnets are often created and distributed by cybercriminals so they can work from within your computer, without your knowledge, to send SPAM and attack other computers and websites.

From October we will be lending a helping hand.

We are upgrading the Telstra BigPond Network with new technology to help limit the effect and spread of malware and protect our customers.

We are the first Internet Service Provider in Australia to deploy this technology, which is already used in North America and Europe. It is a part of our ongoing commitment to a safe and secure Telstra BigPond network.

What is malware?

Malware is another name for malicious software such as viruses and spyware. It can live on our computers and devices, often without us even knowing.

Malware related to botnets can communicate over your internet connection with what is known as a ‘Command and Control’ server. Command and Control servers are generally managed by cybercriminals who can use your computer to carry out malicious activities and potentially access your personal information.

What is malware suppression technology?

Malware suppression technology helps to prevent computers and devices infected with botnet-related malware from communicating with their Command and Control servers.

Because it is a network feature you will not notice anything different with your internet service.

All customers on the BigPond Network will receive an email in the next couple of weeks explaining the changes in detail.

How does malware suppression work?

In order to communicate with its Command and Control server, the malware on your computer or device will make a request to our Domain Name System (DNS) servers. Your computer makes DNS requests every day when visiting websites. For example, when visiting www.telstra.com your computer will send a DNS request and our servers will return an IP address so you can see the content on the website.

If your computer or device is infected with malware it may perform a DNS request to try and connect to a known Command and Control server. The malware suppression technology on our network will recognise this DNS request as unusual and prevent the connection from going through.

Because the malware suppression technology only observes DNS queries and not internet traffic, no internet search history, browsing data or any other customer data is recorded, retained or sent to a third party.
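The following is an added illustration of the mechanism described above, not Telstra's code or configuration: a toy DNS resolver that checks each queried name (and its parent domains) against a list of known Command and Control domains, answers matches with NXDOMAIN so the infected machine's connection attempt fails, and resolves everything else normally. The blocklist entries, the resolution table and the sample queries are all constructed placeholders (names under .invalid and .example, documentation IP ranges). In keeping with the privacy statement above, the only thing it retains is a count of blocked lookups per domain; the client address is used to answer the query and is never stored.

```python
"""Toy model of DNS-based malware suppression (sinkholing).

Constructed example for illustration only: blocklist entries, resolution
table and queries are made up (.invalid / .example names, documentation
IP ranges). This is not Telstra's actual configuration or code.
"""
from collections import Counter
from dataclasses import dataclass, field

# Constructed blocklist of "known" Command and Control domains. A real
# resolver would load this from a threat-intelligence feed; these are
# placeholders, not real indicators.
KNOWN_C2_DOMAINS = {
    "c2-placeholder.invalid",
    "botcontrol.example",
}

# Constructed stand-in for ordinary DNS resolution (documentation addresses).
RESOLUTION_TABLE = {
    "www.telstra.com": "203.0.113.10",   # TEST-NET-3 address, constructed
    "cdn.example": "198.51.100.25",       # TEST-NET-2 address, constructed
}


@dataclass
class Resolver:
    blocklist: set
    table: dict
    # Only the blocked domain name is counted: no client address, no query
    # history, no browsing data, matching the privacy statement in the post.
    blocked_counts: Counter = field(default_factory=Counter)

    @staticmethod
    def normalise(name: str) -> str:
        """Strip a trailing dot and lower-case, so 'A.Example.' == 'a.example'."""
        return name.rstrip(".").lower()

    def matches_blocklist(self, name: str) -> bool:
        """True if the name or any parent domain is listed, so that a C2
        host under a listed domain (sub.c2-placeholder.invalid) is caught."""
        labels = self.normalise(name).split(".")
        return any(".".join(labels[i:]) in self.blocklist
                   for i in range(len(labels)))

    def resolve(self, client_ip: str, qname: str) -> dict:
        """Answer one query. client_ip is accepted because a real resolver
        has to send the reply somewhere, but it is deliberately never stored."""
        name = self.normalise(qname)
        if self.matches_blocklist(name):
            self.blocked_counts[name] += 1
            # NXDOMAIN: the malware gets no address, so the connection fails.
            return {"qname": name, "rcode": "NXDOMAIN", "answer": None, "blocked": True}
        addr = self.table.get(name)
        if addr is None:
            return {"qname": name, "rcode": "NXDOMAIN", "answer": None, "blocked": False}
        return {"qname": name, "rcode": "NOERROR", "answer": addr, "blocked": False}


def run_demo():
    """Run a constructed query stream through the resolver and return
    the per-query results plus the aggregated block counts."""
    resolver = Resolver(set(KNOWN_C2_DOMAINS), dict(RESOLUTION_TABLE))
    queries = [  # (client address, queried name); all constructed
        ("192.0.2.11", "www.telstra.com"),
        ("192.0.2.11", "sub.c2-placeholder.invalid."),
        ("192.0.2.42", "cdn.example"),
        ("192.0.2.42", "BOTCONTROL.example"),
    ]
    results = [resolver.resolve(ip, q) for ip, q in queries]
    return results, resolver.blocked_counts


if __name__ == "__main__":
    results, counts = run_demo()
    for r in results:
        print(r)
    print("blocked lookups per domain:", dict(counts))
```

The suffix match matters in practice: botnet operators commonly rotate hostnames under one registered domain, so a resolver that only compared exact names would miss most of them. Counting per domain rather than per client is what lets a network operator see which C2 domains are active without building a record of which customer asked for what.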

Malware suppression technology is not a substitute for protecting yourself online. It is important to protect your computer and devices from malware with up-to-date anti-virus software and to take steps to protect your personal information, such as using strong passwords.

You can find more information on Telstra’s malware suppression technology on the Telstra Help and Support webpage.

* Kindsight Security Labs Malware Report – Q2 2013


10 Comments

  1. Ly Nguyen says:

    A very wise investment. Our customers will feel more protected. Well done Telstra.

  2. Myles Nicholas says:

    I use Google Chrome as my internet browser.
    Google has visited every site on the web, it knows whether a site has embedded Malware.
    So when you visit a page, the screen turns bright red and asks you if you want to proceed, the malware warning allows you to close the page.
    Usually I find there are advertising links on a page that are responsible for the Google warning. I have often advised the webpage owner with a good success rate on my favourite web sites.
    Bigpond need not help me.

    • DNS Doug says:

      I agree with what you’re saying about malware. Chrome does a reasonably good job of that. However, bot C&C traffic is not generated by a browser and is not destined for a Web page! It’s generated by a machine process where no magical red screen can be delivered by Google or anyone else. The request is sent to a server, but not a Web site. Because of that, you will not have the luxury of even knowing your machine is trying to access this domain (no browser involved at all). It is completely and dangerously transparent. Kudos to Telstra for protecting users from the invisible threats.

    • Marko says:

      You don’t need the help? Well done.

      What about all the older people? Or children? Or generally non-tech-savvy people? You said yourself that innocuous websites can be infected through their advertising.

      The people who get scammed and their data stolen and lose their life savings due to malware? Don’t they deserve the help?

      Or even if they don’t lose anything, but are simply the facilitators of botnets that are used for DOS attacks or hacking attempts to steal data from other people and companies, do we not have a responsibility as citizens of the internet to help shut down as many avenues of attack as possible?

      Quite frankly, I’m surprised that it’s taken so long for an ISP to block traffic to known botnet operators, considering there has been 3rd party consumer software that does this for years.

      Blocking websites because of content I do not agree with. Blocking botnet hosts I do.

      If there’s negligible impact on network performance and the system is not abused (and blocks are visibly displayed, explained and are able to be reversed when necessary), then why not?

      I’m happy that you take steps to protect yourself, but that just means that this is not about you. It’s about everyone else.

    • Joe says:

      Wow, you're such a star, what would the world do without you! Credit where credit is due, well done Telstra!

  3. Orville says:

    Telstra, please clarify something.

    Does this apply ***only*** to DNS requests that are directed to DNS servers that are operated by Telstra?

    Or does this apply to ***all*** DNS requests, regardless of the DNS server that is used?

  4. Gregory Opera says:

    Given the controversy over the Internet filter Stephen Conroy and his bandits attempted to implement a while back and Australia’s international reputation of being a “police state”, I am hesitant to embrace this with open arms…

    However, many Internet users are uneducated (in computer/Internet usage) or simply ignorant and quite often find themselves in places they didn’t intend to be or downloading content harmful to their computer and privacy (often without the user’s knowledge).

    Therefore, I reluctantly embrace these steps… Yes the malware suppression should be enabled by default, but with an “opt-out feature”.

    This will protect most users, and give more experienced computer users the freedom to maintain their own privacy and security…

    If it is not feasible to give individual users an “opt-out” feature, then Telstra shouldn’t really be forcing this upon its users.

    Let’s not forget that it wasn’t too long ago that Telstra found itself in hot water (with customers, not the law) because some of its data traffic was being filtered via a North American security company… Given the recent NSA/US Government controversy (which some of us have suspected for years, but not been able to prove), this move to implement “malware suppression” is frowned-upon by the more tech savvy amongst us.

    I appreciate Telstra’s moves to protect the “everyday Joe”, but a move like this is enough to make me look to alternatives… Especially with the NBN (or whatever the new Government offers) just around the corner, as secondary ISPs will no longer be relying on Telstra infrastructure.

    Given I am a very proud former employee (of Telstra), that’s a pretty bold claim… But this is how strongly I feel about this.

    • Orville says:

      >”it wasn’t too long ago that Telstra found itself in hot water (with customers, not the law) because some of its data traffic was being filtered via a North American security company”

      Yet, from the link above, there is still a US and hence NSA connection. (Nowhere near as bad as sending full URLs overseas though.)

      Q. Is Telstra sending my browsing history to others or overseas?

      A. Our DNS servers only perform a local analysis of DNS queries to attempt to determine whether a computer is trying to contact a known botnet or command & control server.

      At times, the DNS server may notice a pattern of queries from a number of different users which looks suspicious (for example, why would a real user try to go to a domain like qwe54fggty.dyndns.biz?). In this case, information about the suspicious target domain might be sent to our partner in California to examine whether the domain is a botnet or command & control server.

      This information does not contain anything that can be linked to you or your service.

    • Orville says:

      >”why would a real user try to go to a domain like qwe54fggty.dyndns.biz?”

      The proposition that a real user would not go to such a domain is dubious.

      For a main web page, maybe, but many web pages contain embedded content that is often hosted on another domain and often has a fairly inscrutable URL. The user does not see or control this.

      Also, this is exactly the sort of domain that makes the claim that “This information does not contain anything that can be linked to you or your service” false.

      There are known attacks that work in this way i.e. construct a dynamic domain that uniquely identifies the source computer and then track the DNS request at the DNS server.

  5. Jason says:

    Well then, I guess we’ve found the cause of the DNS issues that cable users have been experiencing on and off for months now.

    Thanks for breaking the internet Telstra!
