Comcast to provide new opportunities for fake AV


Comcast has announced they are beginning a nationwide rollout of their "Constant Guard" botnet detection service. Comcast is the largest cable internet service provider in the United States, so this could have a large impact on zombied US computers.

According to Brian Krebs's blog, the service is provided by Damballa, a botnet research firm that monitors IP addresses engaged in known botnet activity. This clearly will not pick up every bot or virus, but it can help with some of the larger, more prevalent botnets that Damballa has visibility into.

Comcast will display a JavaScript hover banner warning you that your PC may be infected and asking you to visit its site. They will also send customers an email to their comcast.net address when it is believed they are participating in a botnet.

Comcast email about being in a botnet

My concern is that this is creating a tremendous opportunity for fake AV/scareware criminals. It's almost an invitation... I could see injecting these banners into websites and spamming customers with these messages leading to your standard fake AV installer.

It would seem to me that they may be better off providing a number for people to call to get advice, or perhaps have an automated call system alert them to the threat. I am not opposed to the idea of helping Comcast customers clean up their act, I just feel that the messaging feels an awful lot like what the scammers are sending out.

Instead of playing softball, if Comcast is serious they could drive people to a captive portal, like you get on hotel WiFi networks. Make people clean up, and only allow them to get to legitimate security sites until they are fixed. Maybe a phone warning and then after 14 days they block you.

The good news is that "Comcast Cares" as their slogan suggests. Another bright point is that they are not inspecting your traffic in a way that may compromise your privacy. Damballa is a respected security organization and their techniques will not inspect your personal details.

Comcast, if you're listening, can we figure out a way to do this without looking like you are hawking "Windows XP Anti-Virus 2011"? If not, more of your customers may become infected simply by confusing your messaging with the messages from those whom you are trying to stop.


One Response to Comcast to provide new opportunities for fake AV

  1. Scott · 627 days ago

    Your point is definitely valid... considering I found this article while trying to research if "Constant Guard" is a scam or not.

    It sounds like it's not a virus scam... but also might not be the most useful piece of AV out there. It's just very annoying that the box hovers over the screen and can't be clicked away. It's more intrusive than whatever 'bot' it claims I have.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.