Date: 22 December 2010
In its role as the Australian Computer Emergency Response Team, AusCERT provides incident response services to its members, the Australian public and the wider global community.
This incident response work can be reactive, for example in response to a request for assistance from a member or the international CERT community, or proactive, where AusCERT independently looks for evidence of attacks and host compromise in the public domain and attempts to mitigate these incidents and/or notify affected parties.
The majority of AusCERT's work as a computer security incident response team involves proactively looking for evidence of Internet attacks directed at Australian Internet users and organisations with an online presence. AusCERT uses a number of methods to locate, analyse and mitigate these attacks.
We proactively look for the following types of attack:
- phishing sites
- malware hosting sites
- compromised Australian web sites (from .au ccTLD domains) serving malware
- malware logging sites
- compromised hosts owned by home users or organisations
The action we take includes:
- in the case of phishing, malware and logging sites, contacting appropriate parties to stop the attack
- notifying owners of compromised Australian web sites when their sites are hosting malware
- notifying ISPs or affected organisations when their hosts, or their customers' computers, are compromised
- where possible, repatriating compromised data, including account credentials captured by malware-infected computers, to trusted third parties and/or affected domain owners.
The following graphs reflect this activity and provide an indication of the volume of attacks that have targeted or had an impact on Australian Internet users.