Comcast Warns Customers Suspected of Bot Infection
eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."
The method they chose for notification is to man-in-the-middle my connections? Are they injecting Javascript into sites I visit? Does this mess with protocols other than HTTP? Why can't they just send an email to the account holder, or call them with a recorded message? Why break your service in order to fix it?
If you're infested with a botnet you are doing harm. In short, infested computers create attackers, and ISPs need to take responsibility for the attackers on their networks. I was more concerned that ISPs have NOT done this until now.
The preceding post was not a Slashvertisement.
Now if every other ISP would do something similar. Maybe block access until a user reads a notice or something.
That said, Comcast's way of doing this might look to me like the website I was looking at was trying to sell me malware... like one of those "YOU'RE INFECTED! SCAN NOW?" popups.
But I didn't have a hard time determining which machine it was. My son was visiting and he was running Windows. Everything else is Linux and one Mac. Not hard to figure it out.
What happened to the good old days of ISPs where if your computer was being a menace the ISP phoned you, and if you still didn't fix it they cut off your internet access until you did?
It worked, and it worked well.
What about a phone call? My ISP does this. Granted, it only has about 1.5 million customers. The way it goes is: first, a phone call; if they are unable to talk to the person, they disable the modem until they call back. They only do this for large botnets, unless they receive a complaint about an IP.
But it *IS* effective.
Overlays and emails will only teach people to click on fake antivirus warnings, like you said...
I've got better things to do tonight than die.
Who wants to bet that torrent trackers and users of uTorrent will end up with these "overlays"?
You are welcome on my lawn.
I'm kind of torn on botnets. The only sites that get taken down by botnets that I have read about lately are sites of organizations I wish didn't exist anyway.
When ACTA inevitably becomes the law of the land, DDoS will be one of the few weapons we plebes will have left against corporatism.
Why I think Comcast's idea sucks:
1. If you have an issue call me - even if it's an IVR doing the calling - or send me a letter. Given what Comcast users pay for HSI there is no fricking excuse for the default notification to be injecting shit into my packets.
2. How does Comcast know the consumer of the notification is a human? Everything under the fricking sun uses HTTP as a transport nowadays. What if they inject their crap into a protocol exchange that corrupts a computer-to-computer transaction? The draft they submitted to the IETF marks a manually entered list of exceptions as a bullet point, but this is obviously totally insufficient.
3. How the hell is the average user going to be able to tell the difference between a Comcast message and a phisher's web site with a fake notification? Remember the messages are going out to users who were stupid enough to fall for being drafted into a botnet army in the first place!!
Comcast should fully expect this to be treated as an open door for phishers to steal account information now that the emails have gone out announcing its presence.
4. It actually opens an attack where a web site might intentionally point a browser at network resources that are known botnet CAC addresses with the sole intention of triggering notifications as a means of pissing off the end user and/or Comcast. Likewise I am sick of the unaddressed CSRF-style attacks possible against most cable modems, where external sites can reboot or sometimes even reconfigure cable modems with no authentication of any kind required. They can also force linking to the registration portal and effectively reset the provisioning of your modem, knocking you offline... again BEFORE having to provide any authentication whatsoever.
5. More and more sites are using https where these web notifications do not work.
They won't admit it, but I have a strong suspicion the real reason for implementing the infrastructure in the first place will be to manage DMCA notifications at some point in the future. Mark my words: they will claim it's for preventing abuse, but later its role will be expanded. Dealing with DMCA shit is a much larger human resource drain than any botnet has ever been, by a large margin.
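The second point in the post above (an in-band HTTP overlay has no way to know whether a browser or a program is reading the response, and a hand-maintained exception list does not fix that) is easy to reproduce in a toy model. The following is an added example written for this thread, not code from Comcast or from the IETF draft the poster mentions; the overlay markup, hostnames, headers and response bodies are all constructed, and the two injector functions are hypothetical stand-ins for "inject everywhere" versus "inject only into HTML on non-exempt hosts". It shows a JSON API client breaking under naive injection, the Content-Length mismatch such a client could use to notice tampering, and the guarded variant leaving the API response alone while still overlaying a normal page.

```python
"""Toy model of an ISP in-band HTTP notification overlay (constructed example).

Shows why injecting markup into every HTTP response corrupts
machine-to-machine exchanges, and what a minimal guard looks like.
Nothing here is the actual implementation of any ISP.
"""
import json
from dataclasses import dataclass, field

# Constructed overlay fragment standing in for the ISP notice.
OVERLAY = b'<div id="isp-bot-notice">Possible bot infection detected</div>'


@dataclass
class HttpResponse:
    """Minimal HTTP response: host the request went to, headers, body."""
    host: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def inject_naive(resp: HttpResponse) -> HttpResponse:
    """Hypothetical injector that prepends the overlay to every response.

    This is the failure mode described in the thread: the overlay goes in
    no matter whether a browser or a program is reading the body, and the
    declared Content-Length is left stale.
    """
    return HttpResponse(resp.host, dict(resp.headers), OVERLAY + resp.body)


def inject_guarded(resp: HttpResponse, exceptions=frozenset()) -> HttpResponse:
    """Hypothetical injector that only touches HTML on non-exempt hosts.

    Checks: Content-Type says HTML, a </body> tag exists to anchor the
    overlay, the host is not on the exception list, and Content-Length
    is corrected so the client does not truncate or over-read the body.
    """
    ctype = resp.headers.get("Content-Type", "").lower()
    if not ctype.startswith("text/html"):
        return resp
    if resp.host in exceptions:
        return resp
    idx = resp.body.rfind(b"</body>")
    if idx < 0:
        return resp
    new_body = resp.body[:idx] + OVERLAY + resp.body[idx:]
    headers = dict(resp.headers)
    headers["Content-Length"] = str(len(new_body))
    return HttpResponse(resp.host, headers, new_body)


def api_client_read(resp: HttpResponse) -> dict:
    """A non-browser consumer: parse the body as JSON or raise ValueError."""
    return json.loads(resp.body.decode("utf-8"))


def has_overlay(resp: HttpResponse) -> bool:
    """Detection helper: does the body carry the overlay marker?"""
    return b'id="isp-bot-notice"' in resp.body


def length_mismatch(resp: HttpResponse) -> bool:
    """Integrity check a client can run: declared vs actual body length."""
    declared = resp.headers.get("Content-Length")
    return declared is not None and int(declared) != len(resp.body)


# Constructed sample traffic (Content-Length values match the bodies).
API_RESPONSE = HttpResponse(
    "api.example.test",
    {"Content-Type": "application/json", "Content-Length": "16"},
    b'{"status": "ok"}',
)
HTML_RESPONSE = HttpResponse(
    "www.example.test",
    {"Content-Type": "text/html; charset=utf-8", "Content-Length": "38"},
    b"<html><body><p>hello</p></body></html>",
)


def demo() -> dict:
    """Run each path and report what a client would observe."""
    results = {}
    naive_api = inject_naive(API_RESPONSE)
    try:
        api_client_read(naive_api)
        results["naive_api_parses"] = True
    except ValueError:
        results["naive_api_parses"] = False
    results["naive_api_length_mismatch"] = length_mismatch(naive_api)
    guarded_api = inject_guarded(API_RESPONSE)
    results["guarded_api_parses"] = api_client_read(guarded_api) == {"status": "ok"}
    guarded_html = inject_guarded(HTML_RESPONSE)
    results["guarded_html_has_overlay"] = has_overlay(guarded_html)
    results["guarded_html_length_ok"] = not length_mismatch(guarded_html)
    exempt = inject_guarded(HTML_RESPONSE, exceptions={"www.example.test"})
    results["exempt_html_has_overlay"] = has_overlay(exempt)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The guarded variant only narrows the blast radius: a scraper, a monitoring probe or an application that carries its data inside `text/html` still receives the overlay, because a Content-Type check and a host list say nothing about whether a human is on the other end, which is exactly the poster's objection. The `length_mismatch` check is the one thing a client can do on its own against a sloppy injector, and it disappears as soon as the injector rewrites Content-Length; end-to-end TLS (the fifth point in the post) is what actually prevents the modification.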