Text size AAA

Action for removal of malware

Removal of malware; cooperation with ISPs

ACTIVE sets up a decoy machine on the Internet— ,in also known as a honeypot—which is intentionally infected by malware through vulnerability set in advance. Generally, parties sending malware are recognized to have malware infection. ACTIVE tries to identity the parties in cooperation with ISPs and these ISPs warn the parties to take appropriate countermeasures to remove malware.

The illustration below outlines the flow for this action

Malware capture

ACTIVE sets up decoy machines, or honeypots, on the Internet and begins malware captures.

Identification of infected users

Using the malware collected by the honeypots, the ISPs are provided with information on when and from where the malware came, in order to identify which users are likely to have malware infection.

Warning mail sent to users

The ISPs send warning mails to users who are reconized to have malware infection, with the URL of the instruction site .

Malware removed

The Internet users access the instruction site and get information needed to remove malware.
The instruction site provides useful information such as antivirus vendors' site where antivirus softwares can be downloaded to remove malware.