nanog mailing list archives

Re: ISP Operators AISURU/Kimwolf botnet


From: Mel Beckman via NANOG <nanog () lists nanog org>
Date: Sat, 17 Jan 2026 17:29:39 +0000

“Where did I get the bad tacos from if not the cab driver?”

You are being willfully ignorant now. Have a good day.

-mel via cell

On Jan 17, 2026, at 9:09 AM, Mike Simpson <mikie.simpson () gmail com> wrote:


So where are they getting the malware from if not from their ISP?

Should we hold the consumers responsible for their lack of tech knowhow when corporations with actual ITSEC departments 
get owned all the time or is that a total abrogation of responsibility from the people who are taking the money to 
provide the service or hardware?

I think the “we aren’t responsible for anything that comes down the pipe to the end users because doing otherwise will 
cost $$$ and impact our revenue” is a stance that shouldn’t hold true anymore.

I wonder how clearly you advertise the fact in your sales literature that a user needs to have more technical security 
knowhow or needs to care more than Fortinet to safely connect to your network.

That combined with all the reasons why having your users being infested is bad for you should make you want to do more 
about it. Being a diseased network spewing infection is surely seen as bad practice and “it’s the fault of the users 
and there is nothing we are willing to do to change that” shouldn’t be adequate.



On 17 Jan 2026, at 16:26, Tom Beecher <beecher () beecher cc> wrote:


If you didn’t want your customers being infected then don’t serve them malware and then blame them for getting owned 
and it impacting on your network or your upstreams.

ISPs aren't 'serving customers malware'. Come on.

There is a shared responsibility here. ISPs need to take reasonable precautions to block bad, while also ensuring that 
users can use the access they provide in the ways they chose to do so. End users need to have a basic level of 
understanding that the 'naked' internet is a nasty place, and many network enabled devices are poorly designed, so 
having some level of network security is important.



On Sat, Jan 17, 2026 at 9:23 AM Mike Simpson via NANOG <nanog () lists nanog org> wrote:
Again tho.
What does it matter to the customer? It’s not impacting on their bottom line. They are used to fairly rubbish service 
for a huge multitude of reasons so their bandwidth being a bit slashdotted doesn’t matter to them. That’s why it’s a 
DDoS.

The only reason they got infected wasn’t their fault. It’s the fault of every company that believes that a EULA is the 
end of their liability.

If you didn’t want your customers being infected then don’t serve them malware and then blame them for getting owned 
and it impacting on your network or your upstreams.

This is something that should have been sorted out after Nimda but that wouldn’t have boosted shareholder value 
apparently.

Your users aren’t aware that it’s not safe to plug stuff into the network you provide in the same way that they would 
expect a firewall not to get them owned or that a VPN device would be safe to use.

-this is our fault, our failing, and we need to stop our knee-jerk victim shaming and do better.

On 17 Jan 2026, at 12:49, Mel Beckman <mel () beckman org> wrote:

Mike,

I agree with you where ISPs choose insecure CPE and force their customers to use it. But in the case of AISURU, it’s 
not the CPE causing the problem, it’s the customer’s buggy Android-based IoT.

-mel

On Jan 17, 2026, at 4:16 AM, Mike Simpson <mikie.simpson () gmail com> wrote:

“immediately recognize any they own, which will drive home the point that this is their problem”

That’s some grade A victim blaming bs there.

“The rubbish CPE that we forced you to have is now owned and it’s upsetting our eyeballs only peering arrangements 
so you need to sort it out”

ISPs are only not accountable legally for the content of the packets they transport. That doesn’t mean they are not 
responsible for the terrible routers they give out.

Your customers in the main don’t care as they are used to flaky internet service. It’s the problem of the ISP as it 
only really impacts on them in an aggregated form so as that’s where the pain is, that’s who is “it” for solving it.

-don’t hand out cheap pos un-updatable CPE or do (shareholder value/ enshittification) and accept the consequences 
with good grace.



On 17 Jan 2026, at 02:10, Mel Beckman via NANOG <nanog () lists nanog org> wrote:

immediately recognize any they own, which will drive home the point that this is their problem
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/SAEZI4VPMBOHWTH267E5ZOFIIOREGHYO/