Posts Tagged: Comcast

Jun 13

Web Badness Knows No Bounds

If your strategy for remaining safe and secure online is mainly to avoid visiting dodgy Web sites, it’s time to consider a new approach. Data released today by Google serves as a welcome reminder that drive-by malware attacks are far more likely to come from hacked, legitimate Web sites than from sites set up by attackers to intentionally host and distribute malicious software.

Today, Google released a truckload of data from its Safe Browsing program, which flags and warns users about more than 10,000 suspicious and malicious Web sites each day. The information clearly shows that gone are the days when folks could avoid giving their computers a nasty little rash simply by staying out of the Internet’s red-light districts (networks with large aggregations of porn and piracy sites, for example).

Hacked, malicious Web sites far exceed malware sites constructed by attackers. Source: Google

Hacked, malicious Web sites far exceed malware sites constructed by attackers. Source: Google

At the same time, some places on the Internet clearly are far more dangerous than others, Google’s data sets show. Have a look at the following graphic, which lists the most hostile Internet providers in the United States (the U.S. is currently responsible for just 2 percent of the world’s malicious sites, Google says).

Concentrations of hacked and malicious sites at U.S. Internet providers.Source: Google

Concentrations of hacked and malicious sites at U.S. Internet providers.Source: Google

The most malicious U.S. network listed by Google — a data center run by a company in New York called Pilosoft — is no stranger to lists charting the top sources of badness online. Pilosoft figured prominently in Operation Ghost Click, a U.S. Justice Department takedown targeting the DNS Changer botnet, which had a significant portion of its operations based at Pilosoft. Google says it has scanned 13 percent of Pilosoft’s network, and found that more than half of the sites it scanned were malicious.

Other top badness concentrations have a history of courting malware purveyors. Ask Google’s report to display the most densely malicious ISPs regardless of country and you’ll notice some interesting names float to the top of the list. Among them, Santrex Internet Services, is a well-known offshore bulletproof hosting provider based in the Seychelles.

Some networks are completely overrun with malicious sites, and some actively seek out this condition.

Some networks are completely overrun with malicious sites, and some actively seek out this condition.

Of course, more mainstream networks and ISPs also are constantly battling malicious sites within their borders.  It’s worth noting that 22 percent of the sites hosted at one section of the network run by major ISP Comcast (AS20214)  are malicious, according to Google, although the company says it has scanned only 4 percent of this portion Comcast’s network so far. Google’s data is broken down by “autonomous system” (AS) numbers — which are basically a numerical way of keeping track of networks — and a large ISP may control numerous ASes.

Several other Comcast ASes are listed in the first few pages of Google’s index of U.S.-based badness. To be fair, Comcast is the nation’s largest cable Internet provider, so it’s perhaps unsurprising that it hosts so many compromised sites. However, Comcast’s largest competitor in the United States — Verizon — doesn’t appear until page 19 of Google’s results (with 5 percent of scanned sites malicious and 5 percent of the network scanned).

Continue reading →

Jul 11

Comcast Hijacks Firefox Homepage: “We’ll Fix”

Comcast says it is revamping the software that new customers need to install to start service with the ISP. The software is unfriendly to Mac users running Firefox: It changes the browser’s homepage to, and blocks users from changing it to anything else.

I heard this from a friend who’d just signed up for Comcast’s Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware  — something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting.

I contacted Comcast; they initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it’s Comcast’s doing.

Continue reading →

Oct 10

Comcast Pushes Bot Alert Program Nationwide

Comcast, the nation’s largest residential Internet service provider, announced last week that it is expanding an initiative to contact customers whose PCs appear to be infected with a malicious bot program.

The Philadelphia-based cable Internet company is expanding nationwide a pilot program that began in Denver last year, which automatically informs affected customers with an e-mail urging them to visit the company’s security page. The system also sends the customer’s browser a so-called “service notice,” a semi-transparent banner that overlays a portion of whatever page is being displayed in the user’s Web browser.

Customers can then either move or close the alert, or click Go to Anti-Virus Center, for recommended next-steps, which for Windows customers includes:

  • Downloading any missing Microsoft security updates.
  • Making sure the customer has some kind of up-to-date anti-virus software running.
  • Downloading and running Microsoft’s malicious software removal tool.
  • Downloading and installing Secunia‘s free Personal Software Inspector tool, a program that periodically scans the user’s computer for missing security updates for commonly used third party applications, such as Adobe Reader, Flash, and Java, and QuickTime.

Continue reading →

Mar 10

Talking Bots with Japan’s ‘Cyber Clean Center’

I’ve grown fascinated over the years with various efforts by Internet service providers to crack down on the menace from botnets, large groupings of hacked PCs that computer criminals remotely control for a variety of purposes, from spamming to hosting malicious software and attacking others online. Indeed, the botnet problem has become such a global menace that entire countries are now developing anti-botnet programs in collaboration with domestic ISPs.

One of the more unique and long-running examples of this is Japan’s “Cyber Clean Center,” (referred to hereafter as CCC) a little-known effort by the Japanese Computer Emergency Response Team Coordination Center (JP-CERT) and a collection of 76 Japanese ISPs covering 90 percent of the nation’s Internet users.

Participating ISPs that have customers with botted PCs may send those users an e-mail — and in some cases a letter via postal mail — instructing them to visit the CCC’s Web site, and download and run a cleanup tool developed by the JP-CERT in coordination with Trend Micro, the dominant anti-virus and computer security firm in Japan.

Relatively few of the thousands of U.S.-based ISPs have such programs in place, or if they do then not many have been willing to discuss them publicly. Some notable exceptions are Cox, Comcast (which is rolling out a trial bot infection notification system), and Qwest (if I missed any other biggies, readers please set me straight).

It’s unfortunate that such programs aren’t more widely emulated, because a majority of the world’s bot problem begins and ends here in the United States.  According to a recent report (.pdf) by McAfee, the United States is home to the second largest pool of botted PCs — 2nd only to China — and is the world’s biggest exporter of junk e-mail.

Continue reading →