3 Comments

Summary:

Botnets — autonomous and automated collections of compromised computers that spew spam all around the globe — have become a scourge on the communications infrastructure. As we covered a few days ago, Message Labs, a division of Symantec that tracks over 3.7 billion SMTP connections per […]

Botnets — autonomous and automated collections of compromised computers that spew spam all around the globe — have become a scourge on the communications infrastructure. As we covered a few days ago, Message Labs, a division of Symantec that tracks over 3.7 billion SMTP connections per day, reports that botnets are responsible for a whopping 88 percent of email traffic from new and previously unknown bad sources. Currently, one of the most nefarious botnets, dubbed Grum, is responsible for over 23 percent of all global spam. That’s power — and not the good kind.

In talking with MessageLabs officials recently, though, I also discovered that there are increasingly sophisticated efforts at the ISP level to filter out traffic from botnets. On that front, it should be very welcome news to many people that Comcast is taking direct aim at botnets and viruses through a new initiative called “Constant Guard.”  In Denver, it’s already working, and here are more details on this promising effort.

According to Comcast’s post on Constant Guard, it is “the culmination of a multi-year effort to create a comprehensive approach to protecting our customers from increasingly sophisticated online security threats.” There are several components to the initiative:

  • A Customer Security Assurance (CSA) team of security experts will proactively contact customers to respond to issues relating to bots, spam, and virus-infected PCs, as well as other security-related issues. The hope is that if your own Comcast-served computer has been taken over by a bot, the CSA team will know about it and alert you.
  • Comcast customers will receive security software as a standard part of their service, including McAfee Internet Security Suite, a toolbar for sniffing out spyware and other malware, and more.
  • Comcast customers will get access to Security Channel, a web portal that will collect security tips, alerts and tools.

The Constant Guard initiative is intended to help Comcast users fight botnets, in particular. Botnets, by nature, infect ever-growing armies of computers, often without users knowing about the problem. The more computers a botnet reaches, the more nodes it has to keep spreading from. Comcast will be sending pop-up messages to users if the company suspects that a computer is infected, pointing them to online resources for disinfection. In the current Denver trial, users can close the warnings without taking action, but cannot opt out of getting them.

One thing Comcast will have to watch closely is efforts by phishers and malware purveyors to mimic its Constant Guard notifications, and dupe users into revealing private information or visiting infected sites. The company  notes that email notifications of possible infections will be sent from this address: “csa-noreply@comcast.net.”

As we noted here, botnets make it increasingly important that spam and malware are identified and, if possible, filtered out at the ISP level. It’s also true of botnets that a very small concentration of the biggest ones tend to be responsible for the majority of spam and viruses sent around the globe. Once these major botnets take over a given computer, the machine can begin to send massive amounts of spam out within minutes. That kind of instant shift is exactly what Comcast’s Constant Guard team will be looking for when sending users notifications. This is a smart effort from Comcast, and it would be good to see other ISPs follow suit.

  1. Comcast to Put Botnet Cops on the Security Beat | Ashton Technology Blog Wednesday, October 14, 2009

    [...] Comcast to Put Botnet Cops on the Security Beat. [...]

  2. Technically Philly » Comcast Roundup: Deal with NBC ‘done in principle,’ major security initiative underway and More | Covering the Community of People Who Use Technology in Philadelphia. Thursday, October 15, 2009

    [...] The company’s corporate blog announced Constant Guard, but the team dedicated to proactively reaching out to customers affected by spammers, viruses and bots that has been much trumpeted by the company’s public relations unit has been largely drowned out by the noise of NBC. CNET reports on last week’s launch, and the team’s focus on tracking trends like a sudden, heavy surge in traffic from a particular IP adresss. The Philadelphia Business Journal reports that the initiative includes free security software that customers can download from Comcast, and Gigaom gives its approval. [...]

  3. House Committee: ISPs Must Block Scam Sites Wednesday, November 4, 2009

    [...] ability. That’s just good business practice. We noted last month that Comcast was launching a new program called “Constant Guard” to combat botnets, which are a huge threat to networks of all kinds. A few months ago I had the [...]

Comments have been disabled for this post