Comcast Warns Customers Suspected of Bot Infection
eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."
I saw this one video where the bot was basically pulled right out of the infection with tweezers. In another, the bot broke off halfway out and the guy had to have the rest removed by a surgeon, but not without great pain.
Normal insecticide and pest repellent don't even work with these things. You really need to keep your netting clean and free of holes. One small hole and you'll wake up with bots dug into your skin and larvae chewing at your subcutaneous layer of fat.
The method they chose for notification is to man-in-the-middle my connections? Are they injecting JavaScript into sites I visit? Does this mess with protocols other than HTTP? Why can't they just send an email to the account holder, or call them with a recorded message? Why break your service in order to fix it?
ComcastAntiVirus have detected a infection or your computer. To run free virus removal click here!
www.c0mcast.net/antivirus.exe
Customer education is an issue with this one. I haven't talked to someone with that issue, but we offer free Norton with internet service, so there's no reason you can't protect yourself from some of the common threats. The thing that gets most people, though, is the drive-by bots. People have to abandon the plug-and-play web mentality, as that's what gets them in trouble. One person told me she got a pop up telling her that the computer was infected with 45 viruses. I'm like WTF?? but they fall for it all the time. Education is the only thing that can fix that problem.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection
Not if you only have one Windows system.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If they're inspecting your traffic (and I really don't think they should be allowed to without a warrant) this is probably one of the few good things that they could do with what they see.
One person told me she got a pop up telling her that the computer was infected with 45 viruses.
A thought that just struck me - if Comcast is using web overlays to pass on this info, it will, if anything, serve to legitimise the "Your computer is infected click here and give us your credit card details to fix it" pop-ups.
An email to the address they have on file would be much less creepy and more effective, IMO.
Because people will ignore the email.
Just one more piece of spam.
If I were God, wouldn't I protect my churches from acts of me?
That's a good point, but the screenshot does look pretty reasonable. It could have been done a lot worse, but it looks like they're at least acknowledging the trust issue.
That being said, it's not difficult to figure out which ISP a certain IP belongs to and for someone to forge these things.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
What happened to the good old days of ISPs where if your computer was being a menace the ISP phoned you, and if you still didn't fix it they cut off your internet access until you did?
It worked, and it worked well.
What about a phone call? My ISP does this. Granted, it only has about 1.5 million customers. The way it goes is: first, a phone call; if they are unable to talk to the person, they disable the modem until they call back. They only do this for large botnets, unless they receive a complaint about an IP.
But it *IS* effective.
Overlays and emails will only teach people to click on fake antivirus warnings, like you said...
I've got better things to do tonight than die.
I think it's great that Comcast is trying to address the bot problem. But they picked a rather poor method IMHO. Surely it's obvious that you can't rely on the infected computer to relay the message... All the bot has to do is run a filtering proxy server and these HTTP insertions are long gone. The best solution would be to use another communication device, i.e. a telephone or letter. Besides, you may have a little old lady that only uses (non-ISP) e-mail twice a month, which might not get the message.
My own ISP does something similar, but a little better (again, IMHO). A few weeks ago I opened my wireless network because one of my devices was choking on WPA2. Sure enough, someone must have hopped on it and sent a fair bit of spam. So my ISP killed my connection and changed the DNS server so everything resolved to their "Call tech support now" page (although it took a while for me to figure that out since I wasn't using their DNS server, but I digress). A quick call had me talking with a representative with an explanation, and I was reconnected. (Obviously I re-enabled WPA2 and blocked/logged port 25 at the router in case I really did get rooted.)
I'm kind of torn on botnets. The only sites that get taken down by botnets that I have read about lately are sites of organizations I wish didn't exist anyway.
When ACTA inevitably becomes the law of the land, DDoS will be one of the few weapons we plebes will have left against corporatism.