Comcast will be rolling out an in-browser botnet notification system, which it has been testing for the past year, to all of its customers during the upcoming months.
Dubbed Constant Guard, the service was launched in October 2009 in the Denver area. It involves monitoring the network traffic for known signs of botnet activity and notifying the affected customers via pop-ups inside their browsers.
The alerts contain a link to a specialized website where users can read more information about the threat, as well as download a copy of Norton Security Suite to clean their computer.
Botnets are armies of infected computers, which connect to so-called command and control (C&C) servers and receive instructions from attackers. They can be used in a variety of ways to earn money illegally.
For example, their controllers, also called herders, can sell spamming, Distributed Denial of Service (DDoS) or pay-per-install services to other criminals.
According to CNET News, Comcast uses botnet detection services from Damballa, an Atlanta-based security company specializing in monitoring such threats.
"Response to the trial was very positive and today we are beginning to roll-out the bot notification and detection service nationally on a market-by-market basis," Jay Opperman, senior director of security and privacy at Comcast, announced on the company's blog.
Opperman also noted that when the service is rolled out in a particular market, the customers in that area will be informed of its existence.
Also, the in-browser pop-ups will only start appearing after the service is deployed nationwide. Until then, customers will receive notifications only via email.
While it's great to see ISPs getting more involved in helping their customers keep their computers clean, we can't help but think about the potential for abuse such services might present.
After all, the in-browser notifications are not unlike what scareware pushers already do, and they could be mimicked to legitimize attacks and trick people. We can also easily imagine the service's email template being abused to direct users to malicious websites.