User Notification for Possible Infected Systems

Published: 2009-10-10
Last Updated: 2009-10-10 15:24:58 UTC
by Tony Carothers (Version: 2)
3 comment(s)

One of our readers, Roy, came across this article from Yahoo! this morning reporting that Comcast is planning to enlist its customers' help in the fight against botnets by using pop-up alerts. Comcast's general idea is that, if Comcast notes traffic associated with known botnet activity, a pop-up will appear on the user's computer. The article gives the full details as reported by the Associated Press.

From an overall security perspective, the last paragraph is the most concerning to me: the use of hoax pop-ups and sites. I quote: "Phil Lin, marketing director at network security firm FireEye Inc., said hackers could mimic Comcast's pop-up banner or the confirmation ads. And unsuspecting customers wouldn't know they should expect to see a confirmation from Comcast in the first place." We know it is only a matter of time, and my guess is it will be a very short time, before the botnet farmers start making use of hoax notification pop-ups and sites.

The bottom line: Good security practices up front, solid software and applications, and user awareness would almost eliminate the need for any effort of this type.

Keywords: botnet popups

Comments

I agree with the bottom line. First you need good security practices within your environment, and applications. As a consultant I suggest Comcast not enlist their customers to fight security issues and let customers be customers, and get the right tools to do the job right.


Sid Brydel
//gRp//
Is Comcast restricting outbound port 25 to their own mail server yet?

(looks at spam filter)

How about they start there, which will actually help, and find out how to train their users on how to do that, before they start thinking popups are going to be a magic bullet?

I agree with Peter and Sid on this:

I doubt they have restricted port 25 to internal net users. I haven't used Comcast in a few years. They really should go with submission ports (587) internally and force users to authenticate. Doesn't stop spammers from actually acquiring a legit account to do their dirty work, but may make it more complex for botnets to spam from inside their network. Overall reduction in malicious email practice should go down drastically.

I also see their current path becoming yet another way to socially engineer users into clicking those fake pop-ups much like the current variations being used for M$'s virus defense pop-ups. I think it will end up doing more harm than good.
