Comcast Cuts Off Spam Zombies

Internet service provider Comcast is cutting off Internet service for some customers whose computers are being used to relay spam messages, according to a company spokesperson.

Comcast has been contacting customers whose machines are being used as "zombies" to forward spam e-mail with warning messages. In some cases, the company has cut off Internet access to customers, some of whom are unaware their system is sending out the commercial solicitations, says Jeanne Russo, a spokesperson for Comcast's cable division.

The decision to cut off spam zombies is not new, but is part of an "ongoing effort" to protect the company's network and its customers from abuse at the hands of hackers and spammers. Comcast declines to comment on whether it is stepping up its efforts to shut down the spam zombies, but the company will increase its efforts to match any increase in spam, Russo says.

Comcast is one of the U.S.' leading providers of high speed Internet access, with more than 5.2 million subscribers to its high speed data services. It is also the leading sender of e-mail, according to IronPort Systems' e-mail analysis service Senderbase.

Center of Attention

The company has long been a target of antispam activists, who complain that Comcast's large home user customer base contributes to the spam epidemic, says Johannes Ullrich, chief technology officer of the SANS Institute's Internet Storm Center.

Malicious hackers prey on unprotected systems, as well, installing remote access software that allows the machine to be enlisted in distributed denial of service attacks against Internet domains, he says.

Recent published reports have suggested that spammers may be acting in concert with virus writers, such as the author of the Sobig virus, to build networks of insecure and virus-infected home machines that are used to distribute spam.

"Comcast is one of the favored networks of spammers, because Comcast customers have a lot of bandwidth and are usually not secured against common [software] vulnerabilities," Ullrich says.

The Internet Storm Center recorded scanning activity characteristic of virus-infected machines from about 10,000 Comcast machines on Sunday, Ullrich says.

At the same time, Senderbase records show what appear to be the Internet Protocol addresses of more than 40 Comcast customers who have sent out more than 100,000 e-mail messages a day, with many sending close to 1 million daily e-mail messages.

Traffic Patterns

In addition allowing spam to be sent from its network, Comcast allows traffic over its network that is destined for communications ports, such as port 445, that are favorites of malicious hackers, Ullrich says.

Ullrich says the Internet Storm Center tells Comcast when it finds infected hosts by sending a message to a Comcast e-mail address set up to receive complaints about abuse. Typically the company does not respond directly to such reports, but it has moved to shut down infected hosts after receiving complaints, he says.

Comcast says that it is aware of the problem, is alerting customers who were hacked and helping them secure their computers.

Customers booted from the network can frequently have their access restored after taking steps to prevent future infection, Russo says.

While Comcast's network may be one of the biggest spam conduits on the Internet, the company is not alone in wrestling with the spam problem, Ullrich says.

"It's a combination of high bandwidth and unsophisticated users. Comcast is not that different from AT&T or DSL providers," he says.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
  
Shop Tech Products at Amazon