NNSquad - Network Neutrality Squad


[ NNSquad ] Faking user notifications of infected systems? (re Comcast, etc.)


User Notification for Possible Infected Systems
Published: 2009-10-10,
Last Updated: 2009-10-10 15:24:58 UTC
by Tony Carothers (Version: 2)
http://isc.sans.org/diary.html?storyid=7315


One of our readers, Roy, came across this article from Yahoo! this
morning reporting that Comcast is planning to enlist its customers'
help in the fight against botnets by using pop-up alerts. Comcast's
general idea is that, if Comcast notes traffic associated with known
botnet activity, a pop-up will appear on the user's computer.  The
article gives the full details as reported by the Associated Press.

The last paragraph, from an overall security perspective, is the most
concerning to me, and that is the use of hoax popups and sites. I
quote "Phil Lin, marketing director at network security firm FireEye
Inc., said hackers could mimic Comcast's pop-up banner or the
confirmation ads. And unsuspecting customers wouldn't know they should
expect to see a confirmation from Comcast in the first place."  We
know it is only a matter of time, and my guess is it will be a very
short time, before the botnet farmers start making use of hoax
notification pop-ups and sites.

The bottom line: Good security practices up front, solid software and
applications, and user awareness would almost eliminate the need for
any effort of this type.

   [ This would appear to be a genuine concern:

       "WARNING! Comcast has detected that your system may
        have been compromised.  Please visit <this link> for
        more information or your service may be suspended."

        Possible Reaction to legit warning: Oh right.  I'm not falling
          for that.  Get your damn pop up off my screen phisher!
          Gotta find a way to block those!

        Possible Reaction to faked warning: Damn!  I'd better go to
          that link right away and make sure I do what it says!  I
          don't want my service to be suspended.  Seems to want my
          login/password and social security number for verification.
          Well, I don't mind giving those to Comcast!

This isn't a Comcast-specific issue of course.  The question is, how
will an unsuspecting user suddenly presented with a disturbing pop up
determine whether it is legit or not?  Will they even try to make
that determination?

--Lauren--
NNSquad Moderator