Comcast cutting off 'spam zombies'

IDG News Service - Internet service provider Comcast Holdings Corp. is cutting off service for some customers whose computers are being used to relay spam messages, according to a company spokeswoman.
Comcast has been contacting customers whose machines are being used as "zombies" to forward unsolicited commercial e-mail with warning messages. In some cases, the company has cut off Internet access to customers, some of whom are unaware that their systems are sending out the e-mails, said Jeanne Russo, a spokeswoman for Comcast's cable division.
The decision to cut off spam zombies isn't new, but it's part of an "ongoing effort" to protect the company's network and its customers from abuse at the hands of hackers and spammers. Comcast declined to comment on whether it's stepping up its efforts to shut down the spam zombies, but the company will increase its efforts to match any increase in spam, Russo said.
Philadelphia-based Comcast is a leading provider of high-speed Internet access in the U.S., with more than 5.2 million subscribers to its high-speed data services. It's also the leading sender of e-mail, according to IronPort Systems Inc.'s e-mail analysis service SenderBase.
The company has long been a target of antispam activists, who have complained that Comcast's large home-user customer base contributes to the spam epidemic, said Johannes Ullrich, chief technology officer of SANS Institute Inc.'s Internet Storm Center. Malicious hackers also prey on unprotected systems, installing remote-access software that allows machines to be enlisted in distributed denial-of-service attacks against Internet domains, he said.
Recent published reports have suggested that spammers may be acting in concert with virus writers, such as the author of the Sobig virus, to build networks of insecure and virus-infected home machines that are used to distribute spam.

"Comcast is one of the favored networks of spammers, because Comcast customers have a lot of bandwidth and usually aren't secured against common [software] vulnerabilities," Ullrich said.
The Internet Storm Center recorded scanning activity characteristic of virus-infected machines from about 10,000 Comcast machines on Sunday, Ullrich said.
At the same time, SenderBase records show what appear to be the Internet Protocol addresses of more than 40 Comcast customers who have sent out more than 100,000 e-mail messages per day, with many sending close to 1 million daily e-mail messages.
In addition to letting spam be sent from its network, Comcast allows traffic over its network that's destined for communications ports, such as Port 445, that are favorites of malicious hackers, Ullrich said.
Ullrich said the Internet Storm Center tells Comcast when it finds infectedhosts by sending a message to a Comcast e-mail address set up to receive complaints about abuse. Typically, the company doesn't respond directly to such reports, but it has moved to shut down infected hosts after receiving complaints, he said.
Comcast said it's aware of the problem and is alerting customers who were hacked and helping them to secure their computers.
Customers booted from the network can frequently have their access restored after taking steps to prevent future infection, Russo said.
While Comcast's network may be one of the biggest spam conduits on the Internet, the company isn't alone in wrestling with the spam problem, Ullrich said. "It's a combination of high bandwidth and unsophisticated users," he said. "Comcast is not that different from AT&T or DSL [Digital Subscriber Line] providers."

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.