Security Experts Fear Abuse of Comcast Botnet Notification System

Security experts have expressed concerns over Comcast's new in-browser botnet notification system, saying that it will most likely be abused by scareware distributors.

Comcast is in the process of rolling out a new service called Constant Guard, that will alert any of its 16 million high-speed internet customers if malware activity is detected on their computer.

The program aims at helping users clean their systems of trojans by directing them at a website with specialized information and anti-malware tools.

However, while the whole idea is commendable, its implementation is worrying to say the least. Comcast plans to alert users about infections via in-browser pop-ups.

"My concern is that this is creating a tremendous opportunity for fake AV/scareware  criminals. It's almost an invitation...

"I could see injecting these banners into websites and spamming customers with these messages leading to your standard fake AV installer," Chester Wisniewski, a senior security advisor at Sophos, warns.

"I am not opposed to the idea of helping Comcast customers clean up their act, I just feel that the messaging feels an awful lot like what the scammers are sending out," he notes.

We have the exact same feeling about these notifications and we outlined their abuse potential in our recent article about the new service.

The Sophos security expert says that a phone number for people to call might be more appropriate. This is actually the approach taken by German authorities and ISPs in their new Anti-Botnet Initiative.

Another example comes from Virgin Media, which is working to create similar botnet notification program. The UK ISP plans to alert customers via letters.

Comcast said that until the system is fully deployed nationwide, it will send alerts through email, a method that can also be abused, but is a little better than in-browser pop-ups.

But even if the company hears these concerns now, it's very unlikely that it will make any major modifications to the system after investing significant resources to build and test it.