NNSquad - Network Neutrality Squad
[ NNSquad ] Comcast's "Evil Bot" Scanning Project
----- Forwarded message from Dave Farber <dave@farber.net> -----

Date: Thu, 8 Oct 2009 16:42:50 -0400
From: Dave Farber <dave@farber.net>
Subject: [IP] Constant Guard - Combating Bots
Reply-To: dave@farber.net
To: ip <ip@v2.listbox.com>

Begin forwarded message:

> From: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
> Date: October 8, 2009 15:35:47 EDT
> To: Dave Farber <dave@farber.net>
> Subject: Constant Guard - Combating Bots
>
> Dave – for IP if you like:
>
> We announced a new security program, called Comcast Constant Guard,
> focused on end-user security. One technical aspect of that is a
> (web-based) Service Notice, which we will start testing in a small part
> of our network later today. What I think is important to keep in mind
> is that ISPs often have systems, such as email anti-spam systems, that
> provide information about customers that have been infected with malware
> (primarily bots). For years we and others have simply treated the
> symptoms of this massive rise in malicious software. What we’re trying
> to do now is go right to the source and start to help customers by first
> advising them that they may have been infected with a bot, and second by
> trying to lead them through a remediation process.
>
> With respect to bot removal, this is a big part of the trial as well
> and we think we (and the security industry more generally) have a lot to
> learn. We need to determine how effective the tools available today for
> removal are, or if much more sophisticated and difficult removal is
> needed.
>
> Below is the text of a CNet story on this today. We have also updated
> our Network Management disclosure page
> (http://networkmanagement.comcast.net). Tech-savvy users may also like
> to take a look at an IETF draft on remediation options at
> http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03 and
> the technical details of how the Service Notice delivery system works
> (no DPI) at
> http://tools.ietf.org/html/draft-livingood-web-notification-00.
>
> We have a lot to learn about how to identify and remove bots from ISP
> networks, but I thought it was important for us to start trying
> different approaches and seeing what works. This is a challenging
> problem space.
>
> http://news.cnet.com/8301-27080_3-10370996-245.html
>
> October 8, 2009 10:25 AM PDT
> Comcast alerts customers to infected PCs
> by Elinor Mills
>
> Comcast is launching a trial on Thursday of a new automated service
> that will warn broadband customers of possible virus infections if the
> computers are behaving like they have been compromised by malware.
>
> For instance, if the amount of traffic being sent from a particular IP
> address spikes significantly overnight, that could signal that a
> computer is infected with a virus that takes control of the system and
> uses it to send spam as part of a botnet.
>
> The alerts are triggered "when we see computers on our network that are
> doing things that are known bot activities, say a computer is spewing
> out thousands of spam emails," said Jay Opperman, senior director of
> security and privacy at Comcast.
>
> Comcast, which is the largest residential ISP with 15.3 million
> consumer customers, also is alerted to compromised customer computers
> when the IP address is identified as being the source of spam on
> industry spam lists, he said.
>
> Customers in Denver will begin receiving notifications that their
> system may be infected with a virus or other malware via a pop-up
> message in the browser as part of the new Comcast Service Notice, which
> is free. The notice will include a link to a Comcast security Web site
> where customers can follow a set of instructions to remove the malware
> from their computer.
>
> If customers don't have anti-virus software they can download McAfee
> Internet Security Suite for free. Comcast also offers a Comcast Toolbar
> that includes spyware detection and removal, a pop-up ad blocker,
> anti-phishing software and anti-spam protection for email.
>
> The company first started notifying customers about the security issues
> about a year ago, with support representatives calling customers on the
> phone, Opperman said.
>
> "We learned that customers love it," he said. "We wanted to reach more
> people and to automate the process."
>
> This appears to be the first service where an ISP proactively notifies
> customers about security issues on their computers. For years, security
> experts have complained that ISPs are uniquely positioned to and should
> do more to help customers combat security problems. But ISPs have been
> reluctant to assume additional responsibilities that are not central to
> their core service offering and for which they would then have to
> maintain a standard going forward.
>
> "I would hope that the government would do things to encourage this, if
> you alleviate some of the potential concerns that others may have about
> giving that kind of notification," said Jerry Upton, executive director
> of the Messaging Anti-Abuse Working Group. "I think it's the beginning
> of many ISPs and network providers realizing that customers need a
> little better knowledge of what the problems are out there."
>
> Alissa Cooper, chief computer scientist for the Center for Democracy
> and Technology, said the organization welcomes Comcast's initiative.
>
> "ISPs have a helpful role to play in helping subscribers mitigate these
> kinds of security threats," she said. "The challenge is ... when users
> get these notices do they understand them? Do they trust that they are
> real? Do they follow through to the point where they clean up their
> computers?"
>
> The new service will eventually be rolled out in the rest of the
> country and will replace the phone calls Comcast has been using to
> notify customers of security problems, Opperman said.
>
> Asked how many alerts have been sent to customers with Macintosh
> computers, Opperman said he could not provide a specific number but
> said there had been some.
>
> Regards,
>
> Jason Livingood
> Internet Systems Engineering
> Comcast Cable Communications
>

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----