
Comcast Warns Customers Suspected of Bot Infection

Soulskill posted about 4 years ago | from the wonder-what-this-does-when-it-detects-torrents dept.

Botnet 196

eldavojohn writes "Comcast is pushing a new program nationwide that warns customers if they might have a bot infection. It puts a semitransparent overlay on the top of the website you're viewing, warning you that you may have a bot installed if the provider detects botnet traffic from your residence. Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."


em... (0)

Anonymous Coward | about 4 years ago | (#33788946)

All of them?

Mixed feelings (1, Insightful)

The_mad_linguist (1019680) | about 4 years ago | (#33788948)

It's good that Comcast is actually doing something, but I'm not really sure how effective it will be, and the precedent it sets makes me a little leery. Not sure how I feel about this.

Re:Mixed feelings (4, Insightful)

shoehornjob (1632387) | about 4 years ago | (#33789024)

Customer education is an issue with this one. I haven't talked to someone with that issue but we offer free Norton with internet service so there's no reason you can't protect yourself from some of the common threats. The thing that gets most people though is the drive by bots. People have to abandon the plug and play web mentality as that's what gets them in trouble. One person told me she got a pop up telling her that the computer was infected with 45 viruses. I'm like WTF?? but they fall for it all the time. Education is the only thing that can fix that problem.

Re:Mixed feelings (4, Insightful)

MoonBuggy (611105) | about 4 years ago | (#33789068)

One person told me she got a pop up telling her that the computer was infected with 45 viruses.

A thought that just struck me - if Comcast is using web overlays to pass on this info, it will, if anything, serve to legitimise the "Your computer is infected click here and give us your credit card details to fix it" pop-ups.

An email to the address they have on file would be much less creepy and more effective, IMO.

Re:Mixed feelings (3, Insightful)

Capt.DrumkenBum (1173011) | about 4 years ago | (#33789114)

An email to the address they have on file would be much less creepy and more effective, IMO.

Because people will ignore the email.
Just one more piece of spam.

Re:Mixed feelings (1)

spazdor (902907) | about 4 years ago | (#33789212)

Something like "HEY, YOU, Customer #4572953, have a virus and this is your ISP, Comcast, telling you so. Please call our tech support at 1-888-IPGOUGE for removal help, and you should probably verify that phone number against your own documents before calling it."

Re:Mixed feelings (2, Insightful)

gd2shoe (747932) | about 4 years ago | (#33789362)

Sorry, but that does rather look like spam.

Re:Mixed feelings (1)

Thinboy00 (1190815) | about 4 years ago | (#33790254)

What if it had your home address, name, censored billing information (credit card xxxx....1234) etc?

Re:Mixed feelings (1, Troll)

nametaken (610866) | about 4 years ago | (#33789874)

True, maybe an automated phone call with a, "Press 1 to speak with a Comcast representative"?

Re:Mixed feelings (2, Insightful)

shoehornjob (1632387) | about 4 years ago | (#33789136)

An email to the address they have on file would be much less creepy and more effective, IMO

I agree but not everyone uses Comcast email.

Re:Mixed feelings (2, Insightful)

Anonymous Coward | about 4 years ago | (#33789160)

If the customer fails to address the issue promptly, then Comcast should disable their connection. When they call in, Comcast could easily ask them for a email address to forward such communications to.

I work for an ISP and this is how we handle it. (Of course, we're small, so we also call the customer on the phone number(s) on their account.)

Re:Mixed feelings (1)

gd2shoe (747932) | about 4 years ago | (#33789404)

Of course, we're small, so we also call the customer on the phone number(s) on their account.

You mean you're considerate and rational. Technically, there's nothing keeping the big players from doing the same thing. (besides being inconsiderate and irrational)

Re:Mixed feelings (2, Funny)

spazdor (902907) | about 4 years ago | (#33789784)

That, and they seem to have an increasingly small workforce which is able to communicate effectively in English over the phone. ...Oh yeah, like you said.

Re:Mixed feelings (1)

avandesande (143899) | about 4 years ago | (#33789198)

The people most likely to get an infection are exactly the ones that need a blunt warning like this.

Re:Mixed feelings (4, Informative)

amicusNYCL (1538833) | about 4 years ago | (#33789220)

That's a good point, but the screenshot [krebsonsecurity.com] does look pretty reasonable. It could have been done a lot worse, but it looks like they're at least acknowledging the trust issue.

That being said, it's not difficult to figure out which ISP a certain IP belongs to and for someone to forge these things.

Re:Mixed feelings (1)

mewsenews (251487) | about 4 years ago | (#33789240)

An email to the address they have on file would be much less creepy and more effective, IMO.

"E.. mail? You mean that thing that our marketing dept uses to send out propaganda? Who reads that shit?" -- Comcast Exec

Re:Mixed feelings (1)

interkin3tic (1469267) | about 4 years ago | (#33789308)

A thought that just struck me - if Comcast is using web overlays to pass on this info, it will, if anything, serve to legitimise the "Your computer is infected click here and give us your credit card details to fix it" pop-ups.

Any thoughts from people who know more than me as to whether comcast just didn't think of this, or did and just doesn't care? On the one hand, they are comcast and don't have a reputation for forward thinking. On the other hand, they are comcast and don't have a reputation for giving two shits about their customers.

Any chance this is just the path of least resistance to say "Hey, we tried to help, but you ignored our warnings, the malware took you over your quota and you owe us $400," not caring if the user is then trained to click on every bogus warning they get?

Re:Mixed feelings (4, Interesting)

Hamsterdan (815291) | about 4 years ago | (#33789790)

What about a phone call? My ISP does this. Granted, it only has about 1.5 million customers. The way it goes is first, a phone call, if they are unable to talk to the person, they disable the modem until they call back. They only do this for large botnets, unless they receive a complaint about an IP.

But it *IS* effective.

Overlays and emails will only teach people to click on fake antivirus warnings, like you said...

Norton? Really? (1)

iYk6 (1425255) | about 4 years ago | (#33789364)

we offer free Norton with internet service so there's no reason you can't protect yourself from some of the common threats.

You mean the common threats like Norton? The only people who should install Norton are computer experts, and the only reason they would want to is so they can figure out how to uninstall it.

Re:Norton? Really? (1)

shoehornjob (1632387) | about 4 years ago | (#33789658)

My thoughts precisely but some people I've talked to don't even have any av protection so I guess something is better than nothing even if it hogs your resources.

Re:Norton? Really? (2, Informative)

macbiv (1695966) | about 4 years ago | (#33789754)

I used to have the same opinion on Norton. However, recently I was hired by a shop that uses/sells Norton exclusively. The 2010 and 2011 versions aren't that bad. They fix infected drivers pretty well, a quick scan only takes a few minutes max on a p4/512mb system, and have a detection rate on par with what I've seen from Vipre or MSE. I'm not saying it's the best, I'm just saying it's not the worst.

Re:Mixed feelings (1)

acaeti (770512) | about 4 years ago | (#33789030)

I'm with you too.

It is good to do something like this, and it is very effective to overlay on the webpages, but it's also intrusive to users. A phone call or email might be less intrusive, but also less effective.

I'd almost prefer a port 80 redirect to a "you're infected" nag URL (they did this at my Uni when slammer happened). Perhaps with a six-hour bypass or something.

The OP calls out if you are a home user, but even worse, what if you are a business with 100 machines and now everyone gets this nag? "Don't get your shiz infected" of course, but still.

Re:Mixed feelings (3, Insightful)

Nerdfest (867930) | about 4 years ago | (#33789050)

If they're inspecting your traffic (and I really don't think they should be allowed to without a warrant) this is probably one of the few good things that they could do with what they see.

Re:Mixed feelings (2, Informative)

Anonymous Coward | about 4 years ago | (#33789182)

FTFA:

Douglas said the bot intelligence is coming from Damballa, an Atlanta-based security company that monitors botnet activity and identifies botnet control networks. If Damballa spots a Comcast Internet address that is phoning home to one of these botnet command centers, Comcast’s system flags that customer’s address for a service notice.

Re:Mixed feelings (0)

Anonymous Coward | about 4 years ago | (#33789586)

this isn't just inspecting your traffic, and say... emailing a notice of suspected infection, this is TAMPERING with your traffic.

Re:Mixed feelings (0)

Anonymous Coward | about 4 years ago | (#33790204)

I think you're overestimating what Comcast - or any network provider - is capable of doing. Deep inspection of traffic is extremely expensive, and with the levels of traffic Comcast deals with it's simply not possible.

More realistically, Comcast's backbone NOC sees an X gig DoS originating from their network. They collect all the source IP addresses belonging to the attack, and over time they have a list of repeat offenders. The repeat offenders are almost certainly infected with some kind of botnet. Since Comcast doesn't allow spoofed traffic to originate from their network, this method is pretty reliable.

That's Weird... (2, Funny)

Shadow Wrought (586631) | about 4 years ago | (#33788956)

Anyone know why there's an overlay saying, "The Cowboy Neil Bot is feeding," on my screen?

Bots are a terrible infection to have (4, Funny)

BadAnalogyGuy (945258) | about 4 years ago | (#33788960)

I saw this one video where the bot was basically pulled right out of the infection with tweezers. In another, the bot broke off halfway out and the guy had to have the rest removed by a surgeon, but not without great pain.

Normal insecticide and pest repellent doesn't even work with these things. You really need to keep your netting clean and free of holes. One small hole and you'll wake up with bots dug into your skin and larva chewing at your subcutaneous layer of fat.

Re:Bots are a terrible infection to have (1)

shoehornjob (1632387) | about 4 years ago | (#33789058)

larva chewing at your subcutaneous layer of fat

Hmm sounds like fun. I've got to get it off somehow.....

Re:Bots are a terrible infection to have (2, Funny)

gd2shoe (747932) | about 4 years ago | (#33789460)

Ever try Adipos [wikia.com] ? It appears to be an easier and more hygienic (if equally unsettling) way to deal with that extra fat.

Excellent idea (1)

rlp (11898) | about 4 years ago | (#33788970)

I'm not a big fan of Comcast, but this is an excellent idea. If all broadband providers would do this, they could put a serious dent in bot nets and reduce the amount of spam and the phishing attacks.

Re:Excellent idea (1)

jack2000 (1178961) | about 4 years ago | (#33789384)

Just wait till the YOUR PC IS INFECTED crowd picks this up, they are going to have a field day with this.
In my opinion people should get a warning next time they pay their monthly fee and if they do nothing about it maybe a stupid-tax or something.

Re:Excellent idea (3, Interesting)

green1 (322787) | about 4 years ago | (#33789614)

What happened to the good old days of ISPs where if your computer was being a menace the ISP phoned you, and if you still didn't fix it they cut off your internet access until you did?

It worked. and it worked well.

Re:Excellent idea (1)

jack2000 (1178961) | about 4 years ago | (#33789856)

I agree but people these days will get all uppity if you start disconnecting them. So I propose a bastard tax

Re:Excellent idea (1)

nurb432 (527695) | about 4 years ago | (#33790058)

It will backfire as people will be un-taught the 'don't click on popups' lesson being taught now.

IPv6! (0)

NFN_NLN (633283) | about 4 years ago | (#33788976)

"...if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

Let this be yet another example of why NAT is not an acceptable solution to IPv4 address space allocation. Every device should have its own IP and a proper firewall in place (if necessary).

Re:IPv6! (2, Insightful)

alvinrod (889928) | about 4 years ago | (#33789070)

I think that most of the people who are qualified to setup and maintain their own router are also qualified enough to determine exactly which of their machines are infected. Of course there will always be a few people who knew just enough about setting up a router to be dangerous, but if the network is completely open and someone using their network is spewing out spam or other garbage, it might tip off the network owner that they should secure their network.

IPv4 isn't a serious problem, and that part of the summary seems rather silly considering that anyone who has a serious network setup probably either has a good understanding of it or has a friend / family member with that knowledge. IPv6 would be a lot nicer, but the world is going to go on dragging its feet as long as it can.

Re:IPv6! (2, Insightful)

vux984 (928602) | about 4 years ago | (#33789328)

I think that most of the people who are qualified to setup and maintain their own router are also qualified enough to determine exactly which of their machines are infected

1) You go to best buy and plug $59 for a 4 port router box.
2) You take it home and plug it into the wall.
3) You plug the WAN port on the router to the cable or dsl box. - this is the hardest part to get right
4) You plug your computers into the other ports and start accessing the internet

People qualified to do the above are not qualified to determine which of their machines are infected.

Re:IPv6! (1)

spazdor (902907) | about 4 years ago | (#33789844)

No, but neither are those people qualified to disinfect a single computer connected directly to the Internet. In either case, the solution is the same: unplug the cable modem and call a nerd for help.

Re:IPv6! (1)

schnikies79 (788746) | about 4 years ago | (#33789170)

I don't want to firewall every damn device on my LAN when I can throw up a single firewall at the choke point.

No thanks.

Re:IPv6! (0)

Anonymous Coward | about 4 years ago | (#33789204)

yeah, that'll work really well when one of the machines on the LAN gets an infection...

Re:IPv6! (1)

gman003 (1693318) | about 4 years ago | (#33789180)

Coincidentally, I've noticed Comcast seems to be deploying IPv6 to home users. I was just helping a friend move into a new apartment, and I had the toughest time setting up the wireless router. Turned out that the router didn't support IPv6, so it wasn't able to connect to the cable modem. Right now, I've had her just wire up her laptop, but I'm going to see if different firmware makes the router usable.

Re:IPv6! (1)

JonySuede (1908576) | about 4 years ago | (#33789304)

Isn't Comcast supposed to be using 6rd? It should be compatible. You can try the following procedure: unplug the modem from the laptop, do a hard reset of the modem, then plug it into the router. You have to do this sometimes because some modems remember the first MAC address they spoke to and they uniquely speak to that address afterward.

Re:IPv6! (1)

gd2shoe (747932) | about 4 years ago | (#33789518)

Very true. It's specifically true for Comcast, and has been for years.

Re:IPv6! (0)

Anonymous Coward | about 4 years ago | (#33789764)

I am happy to learn that if parent(parent(post)) is a predicate P(x in Companies) then P(Verizon) = 1

Re:IPv6! (1)

gman003 (1693318) | about 4 years ago | (#33789548)

I'll try that next time I'm over. Thanks.

Re:IPv6! (1)

JeanBaptiste (537955) | about 4 years ago | (#33789616)

I agree. You shouldn't run NAT.

Re:IPv6! (1)

JonySuede (1908576) | about 4 years ago | (#33789846)

I don't agree. you should run NAT when your only choices for a reasonable price are no connection and ipv4 connection.

Re:IPv6! (1)

socsoc (1116769) | about 4 years ago | (#33790182)

Let's say I have an office with 100 machines and 5 public IP addresses. I have a few addresses with specific port forwarding set up for services to some servers and the rest of the workstations share an external address. Hell, web traffic out of the aforementioned servers may go out the same external address as the workstations. They all share a common firewall that NATs the internal network. Why is this scenario bad?

Wait, what? (3, Interesting)

XanC (644172) | about 4 years ago | (#33788986)

The method they chose for notification is to man-in-the-middle my connections? Are they injecting Javascript into sites I visit? Does this mess with protocols other than HTTP? Why can't they just send an email to the account holder, or call them with a recorded message? Why break your service in order to fix it?

Re:Wait, what? (0)

Anonymous Coward | about 4 years ago | (#33789038)

Yeah, I was thinking it would work better to inform the user in any other manner. Preferably something that doesn't look like a "Your machine might be infected download this anti-virus now!" scam.

Re:Wait, what? (1)

Mike Kristopeit (1900306) | about 4 years ago | (#33789046)

comcast didn't give me an email address the last time i used their service... and at the time i didn't have a phone...

the obvious method of contact is a letter to the service address, but they send out so many junk mailings, most customers would probably trash them without reading. HTTP injection can not be tolerated... if you can show me their method for creating the overlay, i can reverse engineer a page that would be broken because of it. comcast can not be allowed to potentially break pages.

Re:Wait, what? (2, Insightful)

ceep (527600) | about 4 years ago | (#33789128)

So: they don't have an e-mail address for you, or a phone number, and you throw out all postal mail you get from them. How do you suggest they contact you if there's a problem? I wouldn't be in favor of overuse of this method, but if you've got a 'bot running on your system, you're part of a problem and maybe something a little heavy-handed is warranted.

Re:Wait, what? (1)

Mike Kristopeit (1900306) | about 4 years ago | (#33789228)

the only acceptable heavy-handed solution would be to cut off their service until the problem is fixed.

Re:Wait, what? (2, Insightful)

Mr. Freeman (933986) | about 4 years ago | (#33789254)

"So: they don't have an e-mail address for you, or a phone number, and you throw out all postal mail you get from them. How do you suggest they contact you if there's a problem?"

Anyone that throws out mail from comcast can just as easily ignore the overlay. Besides, it's not comcast's responsibility to tell you if you have a bot running on your machine. This would be a little like your car putting an overlay on your windshield if your windshield wipers are in need of replacing, it's just ridiculous.

Also, what happens when someone gets flagged falsely and they can't get the overlay removed? Ever try calling Comcast customer service? Wait three hours on hold and then talk to a moron in India that doesn't speak English only to be read a script in a thick accent and then have them hang up on you.

Re:Wait, what? (1)

Fulcrum of Evil (560260) | about 4 years ago | (#33789570)

"please to be rebooting the computer" - woo, no thanks.

Re:Wait, what? (0)

Anonymous Coward | about 4 years ago | (#33789628)

If you fail to respond, they can disconnect your service. As long as they have it in the TOS, they can do this. I don't think they want someone who is unresponsive as a customer anyway; they would also be unlikely to respond to a bill with a check.

Although extreme, disconnecting is much better than manipulating the web page results. Some companies have automated systems that download web pages periodically and parse them for content. Messing with HTTP content is a really bad idea.

Re:Wait, what? (0)

Anonymous Coward | about 4 years ago | (#33789202)

bull shit. Every comcast internet has a comcast email address.

You've either never used them for internet, in which case they wouldn't be your isp or you just a dumb ass.

Re:Wait, what? (0, Flamebait)

Mike Kristopeit (1900306) | about 4 years ago | (#33789272)

i have used comcast in 10 different states... almost exclusively in my recent travels. presently i use charter communications in wisconsin. in santa monica and santa barbara in 2009, i was told comcast no longer gave out @comcast email addresses because most people use free services like hotmail or gmail. i still have the bills. i never gave them a real personal email address. the only info they had on me was billing/service address.

last i checked, there is only one "comcast internet"... ur mum's face is a dumb ass.

Re:Wait, what? (4, Insightful)

ceep (527600) | about 4 years ago | (#33789094)

I think this is a good method. It's a lot harder to ignore than other ways that you've suggested (how much of an automated phone message would you listen to if it started as "This is a courtesy call from Comcast internet services ..."). HTTP is also a service that people are more likely to use every day, and there's little chance that an errant spam filter will block it.

A risk - in theory - is that when people see this popup, they'll say "I'm supposed to not interact with these things" and just click "Close," rather than understanding what it says. On the other hand, if your computer is infected with some sort of 'bot, you probably click through things like this anyway.

Re:Wait, what? (1)

XanC (644172) | about 4 years ago | (#33789156)

No, doing this to people's connections is inexcusable. If they're being a problem on the network, then they should be cut off. But inserting yourself into their communications is simply wrong.

That would solve the "how to get in touch with them" problem... They'll come to you!

Re:Wait, what? (3, Insightful)

Dunbal (464142) | about 4 years ago | (#33789400)

Let's look at the following:

1. By definition, an internet service provider IS a man in the middle. To everyone whining about using this method - welcome to the real world. A man in the middle approach is the easiest one for the man in the middle to take.
2. Perhaps the ISP should just terminate the accounts of users of infected machines, since I am sure running an infected machine on the net is a violation of the TOS somewhere.

I WANT them to break the service and force people to upgrade, instead of continuing to spew their filthy zombie attacks all over the net. The more dramatic and attention getting, the better. Face it - your mission critical systems should not be on a residential account anyway, RIGHT? That's what the premium priced business packages are for... So what if grandpa has to click on some links to download some software and fix his machine before he can read his paper today. It's worth it to clean up the net.

Re:Wait, what? (2, Insightful)

lordDallan (685707) | about 4 years ago | (#33789122)

I'd guess Comcast isn't sending an email at least in part because a healthy percentage of their customers don't use Comcast's crappy email service.

I still think this is a gross and intrusive tactic, but so is how they hijack DNS redirects to show you a custom "search" page with ads on it. At least they give you an option [comcast.net] of turning that "service" off.

Re:Wait, what? (1)

veganboyjosh (896761) | about 4 years ago | (#33789266)

Mod parent informative!

Thanks for the link. Will be updating our account today!

Re:Wait, what? (0)

Anonymous Coward | about 4 years ago | (#33789146)

The method they chose for notification is to man-in-the-middle my connections? Are they injecting Javascript into sites I visit? Does this mess with protocols other than HTTP? Why can't they just send an email to the account holder, or call them with a recorded message? Why break your service in order to fix it?

Because "It became necessary to destroy the town to save it"!

But seriously, I think it would be better to cut them off entirely and redirect their web traffic to a page where they can download antivirus & anti-spyware tools. They will definitely notice being cut off.

Re:Wait, what? (1)

Skapare (16644) | about 4 years ago | (#33789166)

If your IP is not on the list of infected customers, they won't affect you. But, if it is, they redirect your port 80 traffic to their proxy server that injects the HTML. Specifics, like how it does the overlay, I don't know. Maybe it wraps a frame or div. You'll have to fake being infected to see. Use HTTPS, or an SSH tunnel to a proxy of your own, to avoid it while being infected. If you can't be infected, then your own risk is if your ordinary traffic trips their infection detector.

Re:Wait, what? (5, Informative)

StikyPad (445176) | about 4 years ago | (#33789236)

They do send an e-mail, at first. If the traffic continues unabated, they redirect port 80 traffic (only) through a proxy which adds the notice to the server response (the web page you request). It doesn't break or tamper with anything else.

Personally, I don't see a problem with this, since, if you're allowing botnet traffic, you're already abusing the TOS (with or without your knowledge -- and after the notice, certainly ignorance isn't an excuse), and as such you're not really entitled to "unbroken" service, or any service at all for that matter. I think providing this notice is a good compromise.

Rather than making a separate post, I also want to address one of the points in TFS: "Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection."

This is rather missing the point -- realistically, if any machine inside your network has been compromised, you should assume that the entire network has been compromised, and you should be inspecting/sanitizing/protecting all of the machines accordingly. You should likewise assume that all of your online accounts have been compromised, change your passwords from a trusted location, and check for any unauthorized activity.
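Editor's added example (not part of the thread, and not Comcast's or Damballa's code): a sketch of the flow the comments describe, where a subscriber address seen contacting a known command-and-control host is flagged, gets an email first, and is escalated to the port-80 notice only if the traffic continues. The flow-record format, the feed contents, the two-day grace period and all function names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Everything below is constructed sample data (RFC 5737 documentation ranges).
SUBSCRIBER_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical customer pool
C2_FEED = {"203.0.113.7", "203.0.113.99"}                    # hypothetical C2 address feed
GRACE = timedelta(days=2)                                    # assumed wait after the email

# Constructed flow records: timestamp, source, destination, destination port.
FLOWS = """\
2010-10-01T08:00:00 198.51.100.10 203.0.113.7 6667
2010-10-01T08:05:00 198.51.100.10 192.0.2.80 80
2010-10-01T09:00:00 198.51.100.20 203.0.113.99 443
2010-10-02T10:00:00 198.51.100.20 192.0.2.80 80
2010-10-04T08:00:00 198.51.100.10 203.0.113.7 6667
2010-10-04T11:00:00 192.0.2.55 203.0.113.7 6667
malformed line
"""


def parse_flows(text):
    """Yield (timestamp, src, dst, dport); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            dport = int(parts[3])
        except ValueError:
            continue
        yield ts, src, dst, dport


def is_subscriber(addr):
    """True when the address belongs to one of the provider's customer pools."""
    return any(addr in net for net in SUBSCRIBER_NETS)


def notification_plan(text, c2_feed=C2_FEED, grace=GRACE):
    """Map each flagged subscriber address to its current notification step.

    Only the destination address is matched against the feed; no payload is
    inspected. First contact with a listed host sets the step to "email";
    a later contact at least `grace` after the first raises it to "overlay".
    """
    state = {}
    for ts, src, dst, _dport in sorted(parse_flows(text), key=lambda f: f[0]):
        if not is_subscriber(src) or str(dst) not in c2_feed:
            continue
        entry = state.setdefault(
            str(src), {"first_seen": ts, "hits": 0, "action": "email"}
        )
        entry["hits"] += 1
        entry["last_seen"] = ts
        if ts - entry["first_seen"] >= grace:
            entry["action"] = "overlay"
    return state


if __name__ == "__main__":
    for addr, entry in notification_plan(FLOWS).items():
        print(addr, entry["action"], entry["hits"], entry["last_seen"].isoformat())
```

Because the match is made on the subscriber's public address, a notice raised this way identifies the account, not the machine behind the router.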

Re:Wait, what? (0)

syousef (465911) | about 4 years ago | (#33789944)

Personally, I don't see a problem with this, since, if you're allowing botnet traffic, you're already abusing the TOS (with or without your knowledge -- and after the notice, certainly ignorance isn't an excuse), and as such you're not really entitled to "unbroken" service, or any service at all for that matter. I think providing this notice is a good compromise.

Personally you don't have a problem with this because you're an advanced user interested in computers and all things technical. Saying that those who don't fall into that category and get infected don't deserve any service because they've fallen afoul of their TOS is pig ignorant. ...and that's without considering false positives and the like. Here's a thought? Why not provide contacts for a reputable service that can help clean the customer's machine for a reasonable fee?

Re:Wait, what? (2, Informative)

StikyPad (445176) | about 4 years ago | (#33790028)

I didn't say they don't deserve service, I said they don't have a right to it. What people deserve is only rarely related to what they get. Moreover, their presence on the network is necessarily degrading the experience for everyone else who's being responsible with their activity. Do responsible users *deserve* to be inundated with attacks from the machines of people who, for whatever reason, aren't "advanced user interested in computers and all things technical?" What if we were discussing dogs instead of computers? Would the behavior of their animals be justified by ignorance, incompetence, or apathy?

As I said I think an adequate balance is struck in this case -- there's no disruption of service, *especially* as far as the non-technical user is concerned, and as for erring on the side of caution (false positives) if you think that's a mistake, then I hope you're not an admin.

It's about damned time the ISPs get involved. (1, Interesting)

pecosdave (536896) | about 4 years ago | (#33788994)

If you're infested with a botnet you are doing harm. In short infested computers create attackers and ISPs need to take responsibility for the attackers on their networks. I was more concerned that ISPs have NOT done this until now.

Re:It's about damned time the ISPs get involved. (1)

nurb432 (527695) | about 4 years ago | (#33790068)

They should get involved by turning off your service and have you call them to turn it back on, routing you only to an in-house site for cleaning the PC.

Antivirus2010 (5, Insightful)

Anonymous Coward | about 4 years ago | (#33789002)

ComcastAntiVirus have detected a infection or your computer. To run free virus removal click here!
www.c0mcast.net/antivirus.exe

Re:Antivirus2010 (1)

Dthief (1700318) | about 4 years ago | (#33789500)

the link didnt work :(

maybe I should try .com instead of .net

"Might have a difficult time" - perhaps not (5, Funny)

SuperKendall (25149) | about 4 years ago | (#33789044)

Of course, if you have multiple machines running behind a router or modem then you're going to have a difficult time pinning down which machine might have the infection

Not if you only have one Windows system.

Only about ten years late. (1)

Medievalist (16032) | about 4 years ago | (#33789054)

Ten years ago they said I was mad for proposing this.

Thanks, comcast, you arrogant incompetents, for taking a decade to listen to your customers.

But I already moved to FIOS, along with my ENTIRE NEIGHBORHOOD, so tough luck.

Re:Only about ten years late. (1)

crazygeek02 (915165) | about 4 years ago | (#33789088)

But I already moved to FIOS, along with my ENTIRE NEIGHBORHOOD, so tough luck.

They sure are feeling the pain from that. /eyeroll.

Re:Only about ten years late. (0)

Anonymous Coward | about 4 years ago | (#33789112)

They actually called you crazy? Are you sure everyone in your neighborhood went over to FIOS?

Sounds like a good deal of hyperbole.

Re:Only about ten years late. (0)

Anonymous Coward | about 4 years ago | (#33790076)

FIOS doesn't offer this service, do they? Shouldn't you switch back, since FIOS isn't taking even longer than a decade to listen to their customers.

Well it's about friggin' time! (2, Interesting)

ThreeGigs (239452) | about 4 years ago | (#33789078)

Now if every other ISP would do something similar. Maybe block access until a user reads a notice or something.

That said, Comcast's way of doing this might look to me like the website I was looking at was trying to sell me malware... like one of those "YOU'RE INFECTED! SCAN NOW?" popups.

Re:Well it's about friggin' time! (1)

DeadCatX2 (950953) | about 4 years ago | (#33789246)

I say exponentially decay their bandwidth as if it was an RC circuit with a time constant of about three days. In about a week I'm sure they'll be calling to complain about the Internet speed...and then you'll have their undivided attention.

Re:Well it's about friggin' time! (1)

green1 (322787) | about 4 years ago | (#33789670)

When people's connections are slow, they switch providers (because providers all advertise based on how fast their network is (of course without ever giving out numbers)).
What makes people call and complain is if you cut off their service.

This is what ISPs used to do, it's too bad they don't anymore.

I use a router... (1, Interesting)

erroneus (253617) | about 4 years ago | (#33789092)

But I didn't have a hard time determining which machine it was. My son was visiting and he was running Windows. Everything else is Linux and one Mac. Not hard to figure it out.

Completely unacceptable (0)

Anonymous Coward | about 4 years ago | (#33789116)

Not only do they probably analyze the traffic in transit to detect an infection, they also manipulate data. Neither of those is acceptable. There are other methods of detection, like running honeypots, and there are other methods of notification, like calling the customer or sending them an email.

Dear Complainers: (0, Flamebait)

avandesande (143899) | about 4 years ago | (#33789178)

Feel free to get another broadband provider if you don't like the way Comcast handles this.

Re:Dear Complainers: (0)

Anonymous Coward | about 4 years ago | (#33789256)

The problem is that Comcast has a monopoly in certain areas.

Re:Dear Complainers: (0)

Anonymous Coward | about 4 years ago | (#33789406)

Some of us live in an area where there is a monopoly on internet provisioning, short of buying a T1 or better. We don't

Re:Dear Complainers: (0)

Anonymous Coward | about 4 years ago | (#33790256)

i do

Known Evil? (1)

inputdev (1252080) | about 4 years ago | (#33789188)

“When we see instructions are being sent from that known evil [Internet address] to one of our customer addresses, we know the instructions from that address cannot be good and that there’s something not good happening on your network,” Douglas said.

Can someone explain how much they know? Are they saying they are aware of the IP addresses of the entire bot? If not, then this seems to me like ISP-imposed antivirus software.

My parents have a Windows machine that nobody touches simply because it takes about 10 min. to boot, since you have to sit through the anti-virus updates.

I'm not a fan of viruses / bot-nets by any means, but I hate anti-virus software almost as much. I'm not a fan of the ISP running one for me, or pushing third party software either.

Comcast offers free bot infection for up to 7 PCs! (1)

Leomania (137289) | about 4 years ago | (#33789214)

From Krebs' article:

Comcast also is offering free subscriptions to Norton Security Suite for up to 7 computers per customer — including Mac versions of the Symantec suite.

At least most bots have the decency to let you use your own computer. Norton (and in my experience, McAfee) security suites are much less inclined to leave enough free resources for that to be possible.

Does anything bad even run in GNU/Linux? (1)

linuxiac (1831824) | about 4 years ago | (#33789322)

Gosh golly gee whiz, Gomer, I don't think it even bothers GNU/Linux, but, just for our peace of mind, let's ask those wizards on /.

Re:Does anything bad even run in GNU/Linux? (1, Insightful)

Anonymous Coward | about 4 years ago | (#33789382)

I don't think it even bothers GNU/Linux, but, just for our peace of mind, let's ask those wizards on /.

Linux servers are generally a pretty high value target (they usually don't get turned off at night, most are on better-than-average connections and 99% of the software written for the thing doesn't require a GUI). Also, some guy running ancient shitty php forum software "for his family" on his home network is ripe for pwning.

Legality (1)

Wowsers (1151731) | about 4 years ago | (#33789334)

What is the legality of the ISP intercepting a web page a user requested, then injecting their own code into it, then serving it to you, the end user?

Re:Legality (1)

jack2000 (1178961) | about 4 years ago | (#33789412)

It should be illegal, if it's not, then get on your feet and make it so.

Re:Legality (1)

spazdor (902907) | about 4 years ago | (#33789858)

Well, websites are copyrighted documents, and websites with extra ISP-injected code are unauthorized derivative works of those documents. Aaaaaaaaaaaand GO.

I'd normally be against this... (1)

straponego (521991) | about 4 years ago | (#33789338)

...but if their diagnostics are accurate, it will only affect Windows users. And those people are fine with these things (botnets, spyware, constant intrusive advertising, confusing choices between virus checkers, weird popups, etc). No important work will be interrupted, just games, facebook and porn. The rest of us may or may not see slightly faster access, so... what's the bfd?

I kid, I kid. Settle down.

Better than nothing but not enough (1)

ngc5194 (847747) | about 4 years ago | (#33789392)

Congratulations to Comcast for doing something about this, but it's not enough. If they can detect the malware infected computer, they can quarantine it. ISPs have a RESPONSIBILITY to prevent computers that they KNOW are infected from messing up other computers on the Internet. OS vendors don't do enough to remove vulnerabilities in their products, end-users don't do enough to lock down their machines, and ISPs don't do enough to restrict the damage infected machines do. Step up!

That's great! But.. (1)

peacefinder (469349) | about 4 years ago | (#33789654)

Excellent move!

Unfortunately malware authors will be updating their Fake AV attacks to emulate that banner in a matter of weeks, so it's only a temporary improvement.

ten bucks on .... (2, Insightful)

trum4n (982031) | about 4 years ago | (#33789708)

... bittorrent also setting off this message.

they must be blanketing the spam email (0)

Anonymous Coward | about 4 years ago | (#33790072)

I got one of their emails last weekend. After virus scan and Wireshark analysis I determined that one of my email addresses must have been used for spam. I could find no bad traffic on any of my PCs.

Good idea, but a bad implementation (3, Insightful)

izomiac (815208) | about 4 years ago | (#33790294)

I think it's great that Comcast is trying to address the bot problem. But they picked a rather poor method IMHO. Surely it's obvious that you can't rely on the infected computer to relay the message... All the bot has to do is run a filtering proxy server and these HTTP insertions are long gone. The best solution would be to use another communication device, i.e. a telephone or letter. Besides, you may have a little old lady that only uses (non-ISP) e-mail twice a month, which might not get the message.

My own ISP does something similar, but a little better (again, IMHO). A few weeks ago I opened my wireless network because one of my devices was choking on WPA2. Sure enough, someone must have hopped on it and sent a fair bit of spam. So my ISP killed my connection and changed the DNS server so everything resolved to their "Call tech support now" page (although it took a while for me to figure that out since I wasn't using their DNS server, but I digress). A quick call had me talking with a representative with an explanation, and I was reconnected. (Obviously I re-enabled WPA2 and blocked/logged port 25 at the router in case I really did get rooted.)
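
Added example, not part of any comment in this thread: the ISP sees only one public address, so the router's own log is where a spam-sending machine behind NAT can be told apart from the rest. The sketch below tallies logged outbound port 25 attempts per LAN host, assuming Linux netfilter LOG-format lines, a hypothetical `SMTP-OUT:` log prefix, a 192.168.1.0/24 LAN, and an assumed threshold of two distinct mail servers per legitimate client; the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the Linux netfilter LOG line format. "SMTP-OUT:" is a
# hypothetical --log-prefix; every address is a private or documentation range.
SAMPLE_LOG = """\
Oct  5 02:14:01 router kernel: SMTP-OUT: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=51001 DPT=25 SYN
Oct  5 02:14:02 router kernel: SMTP-OUT: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=51002 DPT=25 SYN
Oct  5 02:14:02 router kernel: SMTP-OUT: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=51003 DPT=25 SYN
Oct  5 02:14:03 router kernel: SMTP-OUT: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.200 PROTO=TCP SPT=51004 DPT=25 SYN
Oct  5 08:30:10 router kernel: SMTP-OUT: IN=br0 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.25 PROTO=TCP SPT=40110 DPT=25 SYN
Oct  5 09:02:44 router kernel: SMTP-OUT: IN=br0 OUT=eth0 SRC=192.168.1.10 DST=192.0.2.25 PROTO=TCP SPT=40388 DPT=25 SYN
Oct  5 09:05:00 router kernel: IN=br0 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.80 PROTO=TCP SPT=51900 DPT=443 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs in a LOG line

def smtp_sources(log_text, lan="192.168.1.0/24"):
    """Tally outbound TCP/25 attempts and distinct destinations per LAN host."""
    network = ipaddress.ip_network(lan)
    stats = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or truncated line
        if src not in network or "DST" not in fields:
            continue
        host = stats[str(src)]
        host["attempts"] += 1
        host["destinations"].add(fields["DST"])
    return dict(stats)

def suspects(stats, max_destinations=2):
    """Hosts that tried more distinct mail servers than one client's relays."""
    return sorted(h for h, s in stats.items()
                  if len(s["destinations"]) > max_destinations)

if __name__ == "__main__":
    for host in suspects(smtp_sources(SAMPLE_LOG)):
        print("investigate", host)
```

A mail client normally talks to one or two relays, while a spam bot delivering directly tends to fan out across many destination servers, which is why the distinct-destination count is used rather than raw volume.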