British ISP to banish virus spreaders

LONDON--British Internet users who fail to protect their machines against virulent computer viruses such as Nimda could have their Internet connections suspended by their Internet service provider.

British ISP Telewest has been the first to take direct action against customers who have refused to patch their computers against the Nimda worm or have left infected PCs running. The company insists that these are "sensible" measures to protect customers from malicious worms that are able to self-propagate across networks without user intervention.

"Telewest, in line with other service providers, has put into practice a virus protection strategy to prevent infection of our network," said a spokeswoman at the company. "Protective measures include the temporary removal of service from customers who are virus infected and who may have not taken appropriate preventive measures."

The destructive Nimda virus was unleashed into the wild last month and included a mass-mailing component enabling it to propagate on a massive scale. The worm spreads in several ways: It can arrive as an attachment entitled Readme.exe and is programmed to automatically archive the attachment so that the executable file can run without the end user having to double click on it. Nimda can also be spread from infected servers running Microsoft IIS Web server software, which it uses to attack other servers across the Internet.

The ISP crackdown is to prevent customers' computers from acting as a proxy to scout for other vulnerable PCs. "Some people may be a Typhoid Mary, spreading the disease onto anyone that they are in contact with, and so need to be isolated," said Graham Cluley, senior technology consultant at Sophos, a security company. "But I hope that any ISP would get in contact with the customer first."

Freeserve used Nimda as an opportunity to remind people of their responsibility to patch their machines against known and publicized exploits. An email message circulated to all customers stated: "It is important that Internet users take safeguards against viruses of this nature. Your PC may otherwise become infected without your knowledge. If this happens, you may easily infect other peoples' PCs with which you have contact."

"It all comes down to the terms of service and deciding where you draw the line," said Cluley. "If a site is vulnerable (ie, hasn't been patched) but hasn't been infected, do you suspend that account?"