October 11, 2009

Comcast Enlists Subscribers To Fight Botnets

Comcast Corp is seeking help from its subscribers in fighting the armies of "botnets" that devour bandwidth by sending spam and facilitating cybercrime.

The company began testing a service this week with subscribers in Denver, who will now receive pop-up messages from Comcast if their computers appear to have been hijacked by a botnet.

One botnet, or infected computer, can have tens of thousands or even millions of PCs at its command.

Comcast's pop-up message directs subscribers to a Comcast site with tips for cleaning infected computers that reads:

"Comcast has detected that there may be a virus on your computer(s). For information on how to clean your computer(s), please visit the Comcast Anti-Virus Center."

The country's largest provider of high-speed Internet to homes said users can close the warning banners if they choose, but cannot opt out of receiving them.

A reminder will return every seven days as long as a computer appears to be infected.

Comcast hopes to roll out the new program nationwide. 

The company's move is one of the most aggressive campaigns to date by a major Internet provider to curtail botnets, which are part of most serious cybercrimes.

Botnets are often used to fraudulently obtain credit card numbers or conduct so-called "denial-of-service" attacks, which can shut down Web sites and send spam by hijacking e-mail accounts and Internet connections.

A computer can fall victim to a botnet once it becomes infected with malicious software that puts the machine under the control of cyber-criminals, who use the anonymity of having a large number of zombie machines at their disposal to hide their tracks.

Comcast's service aims to block that step by alerting subscribers to potential PC infections they may not have known about.

The system works by analyzing how much data the machine is downloading and receiving to detect a PC's potential role in a botnet.

"These cyber criminals have become so fast, a bot can be instructed to send out millions of spams in a matter of minutes," Jay Opperman, Comcast's senior director of security and privacy, told the Associated Press.

"The faster that we can detect these things are operating on our network, the better," he said, adding that Comcast can differentiate between a legitimate downloads and the malicious acts of a bot-induced PC.

One way Comcast accomplishes this is by checking the download source and comparing it with a list of suspect sites that are known for spamming and other attacks, Opperman said.

The company said it would not inspect the content of subscriber traffic, a controversial action known as deep packet inspection.

Nevertheless, the move carries risks, particularly if subscribers get used to responding to pop-up ads, which are frequently used to deliver the viruses that make an infected computer part of a botnet. These fraudulent ads often claim that a computer is infected, and that the user should take action by clicking on a link.

But Comcast says its program contains an important secondary confirmation in the form of an email sent to the customer's primary e-mail account.  The message informs the subscriber that the pop-up message is legitimate and not a scam.

However, Phil Lin, marketing director at network security firm FireEye Inc., told the AP that hackers could simply mimic Comcast's pop-up banner or the confirmation ads, and trusting customers would never know to expect an e-mail confirmation from Comcast in the first place.


On the Net: