Trend Micro urges ISP intervention on security

The UK suffered over three million infected host IPs last year

Security experts are urging service providers to be more proactive in tracking infected machines and taking them off their networks, after new statistics showed that many computers remain infected for months on end.

New figures from security vendor Trend Micro released today suggest that the UK suffered over three million infected host IPs last year, a quarter of which belonged to businesses.

The statistics refer only to IP addresses and not individual PCs, but could mean that a lot more that three million devices in the UK were hit last year, according to Trend Micro chief technology officer Dave Rand.

While the average assumed length of time that compromised machines remain infected is about six weeks, Rand said that his research revealed a median infection length of 300 days.

"The number of compromised PCs has gone through the roof," he added. "We live in a world where the malware is outstripping the ability of the malware scanners to keep up, so we need a layered approach to protection."

Rand explained that ISPs in Holland and Turkey are starting to have significant results after proactively seeking to clean up their networks.

Driven by the desire to see their networks run more smoothly and efficiently, service providers in these countries have taken the gamble and the added cost associated with monitoring and informing customers of any unusual activity, and are reaping the benefits, said Rand.

Turkish ISPs had found that the number of compromised hosts which used to send spam dropped from 1.7 million to zero after such action. The infection rate for IP hosts in Holland last year, meanwhile, was just a third that of the UK.

"ISPs need to take a larger role in the overall security of the environment. We can't leave it to the end user," argued Rand. "Turkey did it and it works. Now we want to see it happen in the UK."