Comcast Battles ID Theft, Attacks Botnets
October 10th, 2009 Keith Lubsen
Most people have never heard of a botnet. The largest residential Internet Service Provider in the U.S., Comcast Corp., may change that with the introduction of a new service which identifies its customers whose computers appear to be part of a botnet.
What is a botnet? It is a group of computers under the control of a bot herder. Bot herders typically gain control of the computers in the botnet illegally through the use of malware (e.g., viruses, spam, phishing, malvertising). Bot herders take over command of computers without the computer owner’s knowledge or permission. There are thought to be millions of computers throughout the world under the control of bot herders.
Botnets are typically used by criminals, terrorists and nation states for various financial crimes (e.g., ID theft or spam transmission). They can also be used as powerful weapons in cyber warfare (Distributed Denial of Service attacks) as evidenced in the Russian/Georgian conflict. Bot herders will either directly use a botnet for their own purposes or rent the temporary use of their botnet to the highest bidder.
Comcast’s “Constant Guard” program began rolling out in Denver on Oct 8th, 2009 and is expected to eventually affect all U.S. Comcast customers. The program monitors the volume and type of upload and download traffic of Comcast High Speed Internet customers in an attempt to identify customers whose computers have been infected and are part of a botnet. Customers whose computers Comcast suspects are part of a botnet will be contacted by both an in-browser “Service Notice” (a.k.a. pop up window) and an email notification to their primary email address.
Comcast virus detection Pop Up alerts customers of being controlled by Botnet
The pop up instructs Comcast customers to visit the Comcast Anti-Virus Center and follow instructions to remove the viruses (which are allowing botnet control) from their computer.
Comcast customers can close the pop up but will receive it again every seven days as long as Comcast suspects the computer is part of a botnet. Customers cannot voluntarily opt out of receiving the pop up notices.
Comcast addressed some privacy concerns by stating that they will not look into the content of the traffic (i.e., deep packet inspection) they are monitoring.
The Comcast press release states: “According to Javelin Strategy and Research, there were more than 10 million victims of identity theft in the U.S. last year and many of those thefts were made possible through the use of bots (or viruses). The annual global business cost of identity theft has been estimated to be $221 billion (Aberdeen Group).”
More about the Constant Guard program can be found at Comcast’s web site at:
The full Comcast press release can be found here.