In Finland, some ISPs proactively detect spamming botnets and do something about it.

A small company that does computer maintenance, “HS-Works Oy” located in Helsinki, Finland, received a computer from a customer that needed to be fixed since it was acting slow. HS-Works personnel hooked up the malfunctioning computer to the company’s switch to gain Internet access and so they could control it over their LAN.

After the computer was through the LAN to the Internet for a while, the local ISP (Sonera) realized someone from HS-Works was connecting to a known botnet and acting in possibly malicious way. So what did the ISP do?

The solution was rigid: they closed the Internet connection from HS-works and informed the company via an SMS message that there had been illicit or malicious connections originating from their IP address and the connection would remain closed until the problem was solved. All web traffic was directed to the ISP’s “Access blocked” page, which offers a link to a free 30-day trial of Sonera Internet Security package (F-Secure software branded under Sonera name).

Network access would be returned after the infected host was fixed or removed from the network. The company raised their firewalls to a more strict level and got the Internet access back on the same day.

How about Finland’s ranking in spam listings in general and the rest of the big Finnish ISP policies on spam? Stay tuned, more information about these on the next post!

-Sami Sainio