Comcast is announcing today that it will be offering all of its Internet customers a free service that alerts them if it appears that their computer is infected with botnet malware.
The cable giant, which is the largest residential ISP in the U.S., began a trial of the botnet detection service a year ago in Denver. Now, Comcast will be rolling it out to the rest of its more than 16 million Xfinity Internet customers over the next few months.
Customers will receive e-mails with information about how the Botnet Identification and Notification service works, as well as info on how criminals distribute malware via e-mails with malicious attachments and Web links that create botnets out of thousands of infected computers. The botnets are then remotely controlled to distribute spam or launch distributed denial-of-service attacks designed to cripple Web sites.
Infected computers, often called botnet zombies, receive instructions from command-and-control servers controlled by the criminals. Comcast is using botnet detection service from Damballa to recognize the command-and-control servers and will notify customers whose computers are found to be communicating with those servers, said Jay Opperman, senior director of security and privacy at Comcast.
Comcast will be monitoring the traffic between its customer computers and the known botnet control servers only. "There is no software downloaded on a customer computer," Opperman said.
Comcast will reach out to customers with potentially infected machines via e-mail initially, and eventually via an in-browser alert, he said. Customers will then be directed to the company's Constant Guard Web site where they can get instructions on how to clean up their computer, including the option of downloading Norton Security Suite for free.
"I think this is a good thing for customers and providers, and will, I think, spur a new conversation between the two," botnet expert Jose Nazario, senior manager of security research at Arbor Networks, told CNET in an e-mail. "Customers will begin to understand the services their ISPs can provide and why they want to look a bit at their traffic in order to defend them. This could be a tipping point to change the expectations of all providers."
Qwest is another ISP that is alerting customers to possible malware infections. Its Customer Internet Protection Program displays a Web page with a warning to customers and offers a way to remove the infection for free before the customer can continue surfing the Web.