NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Comcast's "Evil Bot" Scanning Project

----- Forwarded message from Dave Farber <dave@farber.net> -----

Date: Thu, 8 Oct 2009 16:42:50 -0400
From: Dave Farber <dave@farber.net>
Subject: [IP] Constant Guard - Combating Bots
Reply-To: dave@farber.net
To: ip <ip@v2.listbox.com>

Begin forwarded message:

> From: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
> Date: October 8, 2009 15:35:47 EDT
> To: Dave Farber <dave@farber.net>
> Subject: Constant Guard - Combating Bots

> Dave – for IP if you like:
> We announced a new security program, called Comcast Constant Guard,  
> focused on end-user security.  One technical aspect of that is a  
> (web-based) Service Notice, which we will start testing in a small part 
> of our network later today.  What I think is important to keep in mind 
> is that ISPs often have systems, such as email anti-spam systems, that 
> provide information about customers that have been infected with malware 
> (primarily bots).  For years we and others have simply treated the 
> symptoms of this massive rise is malicious software.  What we’re trying 
> to do now is go right to the source and start to help customers by first 
> advising them that they may have been infected with a bot, and second by 
> trying to lead them through a remediation process.
> With respect to bot removal, this is a big part of the trial as well  
> and we think we (and the security industry more generally) have a lot to 
> learn.  We need to determine how effective the tools available today for 
> removal are, or if much more sophisticated and difficult removal is 
> needed.
> Below is the text of a CNet story on this today.  We have also updated 
> our Network Management disclosure page 
> (http://networkmanagement.comcast.net).  Tech-savvy users may also like 
> to take a look at an IETF draft on remediation options at 
> http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03 and 
> the technical details of how the Service Notice delivery system works 
> (no DPI) at 
> http://tools.ietf.org/html/draft-livingood-web-notification-00.
> We have a lot to learn about how to identify and remove bots from ISP 
> networks, but I thought it was important for us to start trying  
> different approaches and seeing what works.  This is a challenging  
> problem space.
> http://news.cnet.com/8301-27080_3-10370996-245.html
> October 8, 2009 10:25 AM PDT
> Comcast alerts customers to infected PCs
> by Elinor Mills
> Comcast is launching a trial on Thursday of a new automated service  
> that will warn broadband customers of possible virus infections if the 
> computers are behaving like they have been compromised by malware.
> For instance, if the amount of traffic being sent from a particular IP 
> address spikes significantly overnight, that could signal that a  
> computer is infected with a virus that takes control of the system and 
> uses it to send spam as part of a botnet.
> The alerts are triggered "when we see computers on our network that are 
> doing things that are known bot activities, say a computer is spewing 
> out thousands of spam emails," said Jay Opperman, senior director of 
> security and privacy at Comcast.
> Comcast, which is the largest residential ISP with 15.3 million  
> consumer customers, also is alerted to compromised customer computers 
> when the IP address is identified as being the source of spam on 
> industry spam lists, he said.
> Customers in Denver will begin receiving notifications that their  
> system may be infected with a virus or other malware via a pop-up  
> message in the browser as part of the new Comcast Service Notice, which 
> is free. The notice will include a link to a Comcast security Web site 
> where customers can follow a set of instructions to remove the malware 
> from their computer.
> If customers don't have anti-virus software they can download McAfee  
> Internet Security Suite for free. Comcast also offers a Comcast Toolbar 
> that includes spyware detection and removal, a pop-up ad blocker, 
> anti-phishing software and anti-spam protection for email.
> The company first started notifying customers about the security issues 
> about a year ago, with support representatives calling customers on the 
> phone, Opperman said.
> "We learned that customers love it," he said. "We wanted to reach more 
> people and to automate the process."
> This appears to be the first service where an ISP proactively notifies 
> customers about security issues on their computers. For years, security 
> experts have complained that ISPs are uniquely positioned to and should 
> do more to help customers combat security problems. But ISPs have been 
> reluctant to assume additional responsibilities that are not central to 
> their core service offering and for which they would then have to 
> maintain a standard going forward.
> "I would hope that the government would do things to encourage this, if 
> you alleviate some of the potential concerns that others may have about 
> giving that kind of notification," said Jerry Upton, executive director 
> of the Messaging Anti-Abuser Working Group. "I think it's the beginning 
> of many ISPs and network providers realizing that customers need a 
> little better knowledge of what the problems are out there."
> Alissa Cooper, chief computer scientist for the Center for Democracy  
> and Technology, said the organization welcomes Comcast's initiative.
> "ISPs have a helpful role to play in helping subscribers mitigate these 
> kinds of security threats," she said. "The challenge is ... when users 
> get these notices do they understand them? Do they trust that they are 
> real? Do they follow through to the point where they clean up their 
> computers?"
> The new service will eventually be rolled out in the rest of the  
> country and will replace the phone calls Comcast has been using to  
> notify customers to security problems, Opperman said.
> Asked how many alerts have been sent to customers with Macintosh  
> computers, Opperman said he could not provide a specific number but  
> said there had been some.
> Regards,
> Jason Livingood
> Internet Systems Engineering
> Comcast Cable Communications

Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----