In Finland, some ISPs proactively detect spamming botnets
and do something about it.
A small company that does computer maintenance,
“HS-Works Oy” located in Helsinki,
received a computer from a customer that needed to be fixed since it
was acting slow.
HS-Works personnel hooked up the malfunctioning computer to the
company’s switch to gain Internet access and so they could control it over
After the computer was through the LAN to the Internet for a while, the
local ISP (Sonera)
realized someone from HS-Works was connecting to a known botnet
and acting in possibly malicious way.
So what did the ISP do?
The solution was rigid:
they closed the Internet connection from HS-works and informed the company
via an SMS message that there had been illicit or malicious connections
originating from their IP address and the connection would remain closed
until the problem was solved. All web traffic was directed to the ISP’s
“Access blocked” page, which offers
a link to a free 30-day trial of Sonera Internet Security package
(F-Secure software branded under Sonera name).
Network access would be returned after the infected host was fixed
or removed from the network.
The company raised their firewalls to a more strict level
and got the Internet access back on the same day.
How about Finland’s ranking in spam listings in general and the rest
of the big Finnish ISP policies on spam? Stay tuned, more information
about these on the next post!