The Spamhaus Project


Comcast guarding users helps protect all of us

by The Spamhaus Team, December 07, 2009

In October, Comcast Corporation, the USA's largest provider of high-speed Internet to private homes, announced the roll-out of its new Constant Guard security initiative. The system will provide in-browser notifications about possible virus infections. If the system detects a possible problem, a "service notice" will appear in the customer's web browser that tells them that a virus has been detected and urges them to go to Comcast's anti-virus center. Virus-infected broadband users are what make up the large "botnet" systems used by cybercriminal gangs to send spam, wage denial-of-service attacks and engage in web ad "click fraud", among other malicious activities. One botnet can have tens of thousands or even millions of PCs. Constant Guard plans to minimize its users' risk of staying part of these botnets.


Comcast said users can close the warning banners if they wish, but they cannot stop receiving them. A reminder will be shown every week while a computer appears to be infected. Comcast says its initiative contains an important secondary confirmation that the message is from the company and not a scammer: Comcast will send an e-mail to the customer's primary e-mail account. The security initiative, which Comcast hopes to roll out nationally, is a well-planned move by a major Internet provider to curb what's become the major scourge on the Internet.

To gather information about its customers' infected computers, Comcast uses data from internet advisory groups like the Spamhaus Project that specialize in identifying botted computer users. This data includes lists of infected IP addresses. Comcast also keeps an eye out for malicious bot behavior like repeated connection requests. All of that data is then aggregated to see if a customer's computer has been infected.

Comcast's customers are provided with a free download of the McAfee Internet Security Suite, which will be available as long as they remain Comcast customers. An additional "Comcast Toolbar" includes spyware removal features, a pop-up ad blocker, and anti-phishing software.

"The Constant Guard security program is the result of many years of working to assemble the right people, technologies and resources to help ensure our customers are protected from hackers and bots in real-time," Mitch Bowling, senior vice president and general manager of online services at Comcast, said in a statement. "These cyber criminals have become so fast, a bot can be instructed to send out millions of spams in a matter of minutes," added Jay Opperman, Comcast's senior director of security and privacy. "The faster that we can detect these things are operating on our network, the better."

Better for Comcast and its customers is better for the rest of the Internet. Why? With over 15 million customers, if even a small percentage of them are in botnets, they can have a massive effect on the rest of the world's online users. This is mostly visible in the spam sent via these botnets.

Comcast is the first large ISP to provide this type of in-browser notification in a security context. This is a welcome change from the Comcast of many years ago, which was both the number one network sending botnet spam and in the number one position in Spamhaus' "TOP 10 Spam Service Networks". These days Spamhaus sees relatively little spam being sent via Comcast's network or spammers hosting on it.

As a fellow Messaging Anti-Abuse Working Group (MAAWG) member, Comcast has been a leader in proposing best practices for the ISP industry in dealing with messaging abuse issues. According to Jerry Upton, executive director of MAAWG, "The new Comcast safeguards are in line with industry best practices to help ISPs assist customers whose machines have been infected with malware. By deploying the technology to detect bots on their subscribers' computers, Comcast is providing a service to their customers and contributing to safer messaging."

A major ISP like Comcast taking a step like this should incentivise other ISPs around the world to step up and help crack down on the number of infected users they have, many by using this method and others by using the even more effective "walled garden" approach. Although some have stated that the effort required for such steps is minimal, Spamhaus knows the effort for very large ISPs can be quite difficult and costly. But guarding their customers should be an ISP's first concern, and as this also helps protect most internet users from the damage botnets do, all should encourage and support these efforts.