Slashdot Mirror


Comcast Warns Customers Suspected of Bot Infection

eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

8 of 196 comments (clear)

  1. Antivirus2010 by Anonymous Coward · · Score: 5, Insightful

    ComcastAntiVirus have detected a infection or your computer. To run free virus removal click here!
    www.c0mcast.net/antivirus.exe

  2. Re:Mixed feelings by shoehornjob · · Score: 4, Insightful

    Customer education is an issue with this one. I haven't talked to someone with that issue but we offer free Norton with internet service so there's no reason you can't protect yourself from some of the common threats. The thing that gets most people though is the drive by bots. People have to abandon the plug and play web mentality as that's what gets them in trouble. One person told me she got a pop up telling her that the computer was infected with 45 viruses. I'm like WTF?? but they fall for it all the time. Education is the only thing that can fix that problem.

    --
    "We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
  3. Re:Mixed feelings by Nerdfest · · Score: 3, Insightful

    If they''re inspecting your traffic (and I really don't think they should be allowed to without a warrant) this is probably one of the few good things that they could do with what they see.

  4. Re:Mixed feelings by MoonBuggy · · Score: 4, Insightful

    One person told me she got a pop up telling her that the computer was infected with 45 viruses.

    A thought that just struck me - if Comcast is using web overlays to pass on this info, it will, if anything, serve to legitimise the "Your computer is infected click here and give us your credit card details to fix it" pop-ups.

    An email to the address they have on file would be much less creepy and more effective, IMO.

  5. Re:Wait, what? by ceep · · Score: 4, Insightful

    I think this is a good method. It's a lot harder to ignore than other ways that you've suggested (how much of an automated phone message would you listen to if it started as "This is a courtesy call from Comcast internet services ..."). HTTP also a service that people are more likely to use every day, and there's little chance that an errant spam filter will block it.

    A risk - in theory - is that when people see this popup, they'll say "I'm supposed to not interact with these things" and just click "Close," rather than understanding what it says. On the other hand, if your computer is infected with some sort of 'bot, you probably click through things like this anyway.

  6. Re:Mixed feelings by Capt.DrumkenBum · · Score: 3, Insightful

    An email to the address they have on file would be much less creepy and more effective, IMO.

    Because people will ignore the email.
    Just one more piece of spam.

    --
    If I were God, wouldn't I protect my churches from acts of me?
  7. Re:Wait, what? by Dunbal · · Score: 3, Insightful

    Let's look at the following:

    1. By definition, an internet service provider IS a man in the middle. To everyone whining about using this method - welcome to the real world. A man in the middle approach is the easiest one for the man in the middle to take.
    2. Perhaps the ISP should just terminate the accounts of users of infected machines, since I am sure running an infected machine on the net is a violation of the TOS somewhere.

    I WANT them to break the service and force people to upgrade, instead of continuing to spew their filthy zombie attacks all over the net. The more dramatic and attention getting, the better. Face it - your mission critical systems should not be on a residential account anyway, RIGHT? That's what the premium priced business packages are for... So what if grandpa has to click on some links to download some software and fix his machine before he can read his paper today. It's worth it to clean up the net.

    --
    Seven puppies were harmed during the making of this post.
  8. Good idea, but a bad implementation by izomiac · · Score: 3, Insightful

    I think it's great that Comcast is trying to address the bot problem. But they picked a rather poor method IMHO. Surely it's obvious that you can't rely on the infected computer to relay the message... All the bot has to do is run a filtering proxy server and these HTTP insertions are long gone. The best solution would be to use another communication device, i.e. a telephone or letter. Besides, you may have a little old lady that only uses (non-ISP) e-mail twice a month, which might not get the message.

    My own ISP does something similar, but a little better (again, IMHO). A few weeks ago I opened my wireless network because one of my devices was choking on WPA2. Sure enough, someone must have hopped on it and sent a fair bit of spam. So my ISP killed my connection and changed the DNS server so everything resolved to their "Call tech support now" page (although it took a while to for me to figure that out since I wasn't using their DNS server, but I digress). A quick call had me talking with a representative with an explanation, and I was reconnected. (Obviously I re-enabled WPA2 and blocked/logged port 25 at the router in case I really did get rooted.)