Comcast, the nation’s largest residential Internet service provider, announced last week that it is expanding an initiative to contact customers whose PCs appear to be infected with a malicious bot program.
The Philadelphia-based cable Internet company is expanding nationwide a pilot program that began in Denver last year, which automatically informs affected customers with an e-mail urging them to visit the company’s security page. The system also sends the customer’s browser a so-called “service notice,” a semi-transparent banner that overlays a portion of whatever page is being displayed in the user’s Web browser.
Customers can then either move or close the alert, or click Go to Anti-Virus Center, for recommended next-steps, which for Windows customers includes:
- Downloading any missing Microsoft security updates.
- Making sure the customer has some kind of up-to-date anti-virus software running.
- Downloading and running Microsoft’s malicious software removal tool.
- Downloading and installing Secunia‘s free Personal Software Inspector tool, a program that periodically scans the user’s computer for missing security updates for commonly used third party applications, such as Adobe Reader, Flash, and Java, and QuickTime.
Comcast also is offering free subscriptions to Norton Security Suite for up to 7 computers per customer — including Mac versions of the Symantec suite.
For customers who receive a notice but are running a wireless router behind their cable modem, however, figuring out which computer is infected may not be so easy. That’s because while wireless routers plug directly into high-speed Internet modems — and allow multiple computers to use the same Internet address and connection — Comcast’s Constant Guard cannot isolate the infection beyond the Internet address assigned to the customer’s modem. Comcast users who have trouble with that are steered toward the option of paying for help from Norton Live.
Comcast spokesman Charlie Douglas declined to offer statistics on the number of customers who responded to alerts generated during the company’s pilot version of Constant Guard, but said the response has been “very positive.” He said customers who chose to ignore or close the service notice without taking action will be re-notified every few days until the problem is resolved.
Douglas said the bot intelligence is coming from Damballa, an Atlanta-based security company that monitors botnet activity and identifies botnet control networks. If Damballa spots a Comcast Internet address that is phoning home to one of these botnet command centers, Comcast’s system flags that customer’s address for a service notice.
“When we see instructions are being sent from that known evil [Internet address] to one of our customer addresses, we know the instructions from that address cannot be good and that there’s something not good happening on your network,” Douglas said.
Comcast has started rolling the system out on a market-by-market basis, and expects to have it deployed to most of its 16 million customers by the first quarter of 2011, Douglas said.