Quote:The Internet Industry Association (IIA) has drafted a new code of conduct that suggests Internet Service Providers (ISPs) contact, and in some cases disconnect, customers that have malware-infected computers.

The drafted code, which will not be mandatory, suggested ISPs take a four-step approach to protecting customers.

    * Identification of compromised computers
    * Contact affected customer
    * Provision of information and advice to fix the compromised system; and
    * A reporting function for alerting about serious scale threats, such as those, that may threaten national security.

"Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem," the new code states.

Chief regulatory officer of ISP iiNet, Steve Dalby, said he would adhere to the code if the process could be automated and development costs weren't prohibitive.

"Potentially it's something that wee would do. If there were some costs wee might consider whether government funding was available, but again it's very hypothetical," Dalby said.

IBRS analyst James Turner welcomed the move and said ISPs should be able to find a way to fund the initiative.

"They'll find a way of commercialising it and making it, at the very least, cost neutral if not cost positive," he said.

Turner said it was reasonable to expect a form of "quality control" for computers connected to the internet in a similar way cars need to be roadworthy.