Slashdot Mirror


Comcast Warns Customers Suspected of Bot Infection

eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

9 of 196 comments

  1. Bots are a terrible infection to have by BadAnalogyGuy · · Score: 4, Funny

    I saw this one video where the bot was basically pulled right out of the infection with tweezers. In another, the bot broke off halfway out and the guy had to have the rest removed by a surgeon, but not without great pain.

    Normal insecticide and pest repellent don't even work with these things. You really need to keep your netting clean and free of holes. One small hole and you'll wake up with bots dug into your skin and larvae chewing at your subcutaneous layer of fat.

  2. Antivirus2010 by Anonymous Coward · · Score: 5, Insightful

    ComcastAntiVirus have detected a infection or your computer. To run free virus removal click here!
    www.c0mcast.net/antivirus.exe

  3. Re:Mixed feelings by shoehornjob · · Score: 4, Insightful

    Customer education is an issue with this one. I haven't talked to someone with that issue, but we offer free Norton with internet service, so there's no reason you can't protect yourself from some of the common threats. The thing that gets most people, though, is the drive-by bots. People have to abandon the plug-and-play web mentality, as that's what gets them in trouble. One person told me she got a pop-up telling her that the computer was infected with 45 viruses. I'm like WTF?? but they fall for it all the time. Education is the only thing that can fix that problem.

    --
    "We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
  4. "Might have a difficult time" - perhaps not by SuperKendall · · Score: 5, Funny

    "Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

    Not if you only have one Windows system.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. Re:Mixed feelings by MoonBuggy · · Score: 4, Insightful

    "One person told me she got a pop up telling her that the computer was infected with 45 viruses."

    A thought that just struck me - if Comcast is using web overlays to pass on this info, it will, if anything, serve to legitimise the "Your computer is infected click here and give us your credit card details to fix it" pop-ups.

    An email to the address they have on file would be much less creepy and more effective, IMO.

  6. Re:Wait, what? by ceep · · Score: 4, Insightful

    I think this is a good method. It's a lot harder to ignore than other ways that you've suggested (how much of an automated phone message would you listen to if it started as "This is a courtesy call from Comcast internet services ..."). HTTP is also a service that people are more likely to use every day, and there's little chance that an errant spam filter will block it.

    A risk - in theory - is that when people see this popup, they'll say "I'm supposed to not interact with these things" and just click "Close," rather than understanding what it says. On the other hand, if your computer is infected with some sort of 'bot, you probably click through things like this anyway.

  7. Re:Mixed feelings by amicusNYCL · · Score: 4, Informative

    That's a good point, but the screenshot does look pretty reasonable. It could have been done a lot worse, but it looks like they're at least acknowledging the trust issue.

    That being said, it's not difficult to figure out which ISP a certain IP belongs to and for someone to forge these things.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  8. Re:Wait, what? by StikyPad · · Score: 5, Informative

    They do send an e-mail, at first. If the traffic continues unabated, they redirect port 80 traffic (only) through a proxy which adds the notice to the server response (the web page you request). It doesn't break or tamper with anything else.

    Personally, I don't see a problem with this, since, if you're allowing botnet traffic, you're already abusing the TOS (with or without your knowledge -- and after the notice, certainly ignorance isn't an excuse), and as such you're not really entitled to "unbroken" service, or any service at all for that matter. I think providing this notice is a good compromise.

    Rather than making a separate post, I also want to address one of the points in TFS: "Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

    This is rather missing the point -- realistically, if any machine inside your network has been compromised, you should assume that the entire network has been compromised, and you should be inspecting/sanitizing/protecting all of the machines accordingly. You should likewise assume that all of your online accounts have been compromised, change your passwords from a trusted location, and check for any unauthorized activity.

  9. Re:Mixed feelings by Hamsterdan · · Score: 4, Interesting

    What about a phone call? My ISP does this. Granted, it only has about 1.5 million customers. The way it goes is: first, a phone call; if they are unable to talk to the person, they disable the modem until they call back. They only do this for large botnets, unless they receive a complaint about an IP.

    But it *IS* effective.

    Overlays and emails will only teach people to click on fake antivirus warnings, like you said...

    --
    I've got better things to do tonight than die.