'

ISPs cut off virus-infected customers

Telewest has become the first UK ISP to suspend the accounts of customers who leave virus-infected computers running and fail to patch them

British Internet users who fail to protect their machines against virulent computer viruses such as Nimda could have their Internet connections suspended by their Internet service provider.

UK ISP Telewest has been the first to take direct action against customers who have refused to patch their computers against the Nimda worm, or have left infected PCs running. The company insists that these are "sensible" measures to protect its blueyonder customers from malicious worms that are able to self-propagate across networks without user intervention.

"Telewest, in line with other service providers, has put into practice a virus protection strategy to prevent infection of our network," said a spokeswoman at the company. "Protective measures include the temporary removal of service from customers who are virus-infected and who may have not taken appropriate preventive measures."

The destructive Nimda virus was unleashed into the wild last month, and comprised a mass-mailing component enabling it to propagate on a massive scale. The worm spreads in several ways: it can arrive as an attachment entitled Readme.exe, and is programmed to automatically archive the attachment so that the executable file can run without the end user having to double-click on it. Nimda can also be spread from infected servers running Microsoft IIS software, which it uses to attack other servers across the Internet.

The ISP crackdown is to prevent customers' computers from acting as a proxy to scout for other vulnerable PCs. "Some people may be a Typhoid Mary, spreading the disease onto anyone that they are in contact with, and so need to be isolated," said Graham Cluley, senior technology consultant at security firm Sophos. "But I hope that any ISP would get in contact with the customer first."

Freeserve used Nimda as an opportunity to remind users of their responsibility to patch their machines against known and publicised exploits. An email was circulated to all customers that read: "It is important that Internet users take safeguards against viruses of this nature. Your PC may otherwise become infected without your knowledge. If this happens, you may easily infect other peoples' PCs with which you have contact."

"It all comes down to the terms of service, and deciding where you draw the line," said Graham Cluley. "If a site is vulnerable (i.e. hasn't been patched) but hasn't been infected, do you suspend that account?"

See the Viruses and Hacking News Section for the latest headlines.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.