Comcast to Put Botnet Cops on the Security Beat

Botnets — autonomous and automated collections of compromised computers that spew spam all around the globe — have become a scourge on the communications infrastructure. As we covered a few days ago, MessageLabs, a division of Symantec that tracks over 3.7 billion SMTP connections per day, reports that botnets are responsible for a whopping 88 percent of email traffic from new and previously unknown bad sources. Currently, one of the most nefarious botnets, dubbed Grum, is responsible for over 23 percent of all global spam. That’s power — and not the good kind.

In talking with MessageLabs officials recently, though, I also discovered that there are increasingly sophisticated efforts at the ISP level to filter out traffic from botnets. On that front, it should be very welcome news to many people that Comcast is taking direct aim at botnets and viruses through a new initiative called “Constant Guard.” In Denver, it’s already working, and here are more details on this promising effort.

According to Comcast’s post on Constant Guard, it is “the culmination of a multi-year effort to create a comprehensive approach to protecting our customers from increasingly sophisticated online security threats.” There are several components to the initiative:

  • A Customer Security Assurance (CSA) team of security experts will proactively contact customers to respond to issues relating to bots, spam, and virus-infected PCs, as well as other security-related issues. The hope is that if your own Comcast-served computer has been taken over by a bot, the CSA team will know about it and alert you.
  • Comcast customers will receive security software as a standard part of their service, including McAfee Internet Security Suite, a toolbar for sniffing out spyware and other malware, and more.
  • Comcast customers will get access to Security Channel, a web portal that will collect security tips, alerts and tools.

The Constant Guard initiative is intended to help Comcast users fight botnets, in particular. Botnets, by nature, infect ever-growing armies of computers, often without users knowing about the problem. The more computers a botnet reaches, the more nodes it has to keep spreading from. Comcast will be sending pop-up messages to users if the company suspects that a computer is infected, pointing them to online resources for disinfection. In the current Denver trial, users can close the warnings without taking action, but cannot opt out of getting them.

One thing Comcast will have to watch closely is efforts by phishers and malware purveyors to mimic its Constant Guard notifications, and dupe users into revealing private information or visiting infected sites. The company notes that email notifications of possible infections will be sent from this address: “[email protected].”

As we noted here, botnets make it increasingly important that spam and malware are identified and, if possible, filtered out at the ISP level. It’s also true of botnets that a very small concentration of the biggest ones tends to be responsible for the majority of spam and viruses sent around the globe. Once these major botnets take over a given computer, the machine can begin to send massive amounts of spam out within minutes. That kind of instant shift is exactly what Comcast’s Constant Guard team will be looking for when sending users notifications. This is a smart effort from Comcast, and it would be good to see other ISPs follow suit.