Comcast to alert customers if machines are botted

Comcast, the nation's largest internet service provider, has begun delivering browser alerts to a portion of its residential customers to notify them if their PCs are infected with malware.

The pilot program, which began Friday, marks one of the first times an ISP has taken the measure of cleaning its network of bot-infected machines.

Comcast hopes to extend the initiative to its 15.3 million broadband customers by early next year, spokesman Charlie Douglas told SCMagazineUS.com on Monday. The program was launched in the Denver market, where already hundreds of customers have received the "service notice." It informs users that their computers are infected with a virus and asks them to visit Comcast's anti-virus portal, which includes free security software from McAfee.

If users don't react to the service alert, they again will be prompted in seven days, Douglas said. 

"If you're familiar with bots, you know how virulent they are," Douglas told SCMagazineUS.com on Monday. "They're increasingly becoming more sophisticated where you've got organized crime syndicates who are building, with multi-person teams, these bots and launching them."

Ira Winkler, president of the Internet Security Advisors Group and a longtime proponent of ISPs sharing some of the cybersecurity burden with end-users, said he welcomes the move.

"Frankly, I think I'm going to switch to Comcast because of this," Winkler told SCMagazineUS.com on Monday. "This is a revolutionary move in the right direction. To actually see an ISP stand up and say that they are going to proactively try to prevent infected systems, that's a very good thing."

He said ISPs traditionally have taken a hands-off approach, saying they are not legally required to monitor traffic traversing their pipes. But Winkler said Comcast's move makes sense, especially considering the company is the one stuck with the bill for unnecessary bandwidth consumption that may be caused by compromised machines sending spam or launching denial-of-service attacks.

Other ISPs may follow Comcast's lead.

"They're the first touch on the internet for all these infected systems," Winkler said. "They frankly are the ones who have to deal with it the most. They have to deal with the repercussions."

In addition, Winkler said ISPs should be fearful of potential extortion plots involving zombie machines on their network.

"If I wanted to compromise an ISP, I'd put a large number of bots on their network and then say that if you don't give me the money, I'm going to spew data [from the infected machines]," Winkler said.

Comcast is drawing on data from organizations such as the nonprofit Spamhaus to locate IP addresses that have been flagged as sources of malicious traffic, such as spam, Douglas said. Then, company engineers will conduct a behavioral analysis to confirm which machines may be infected with a bot.

He said the new service will not cost users any additional money but said he was not sure how much Comcast would be investing. For the past year, Comcast has been notifying some users via phone if their computers were controlled by an attacker. Based on the positive reaction from that project, the company decided to extend the service to the web.

"We just felt it was the right thing to do," Douglas said. "This is something we've been building for some time. It's time to bring it out and let the public know that we're not going to let the bad guys win."
