US Cable Support > Comcast HSI > Your computer may be infected

Your computer may be infected

If you have Comcast and you get a legitmate email from Comcast it's not a sales pitch. What would they try to sell you? Free Norton? Free ConstantGuard? Read this as to what'll eventually happen: »[HomeSecurity] Comcast service notice in browser

»xfinity.comcast.net/constantguar···istance/

Option 2 is for "...fast, affordable bot and virus removal" which means they are selling me a service. It links to this...
»signaturesupport.xfinity.com/cg-bot-removal

...only $19.95 per month!

This is for a bot/virus that DOES NOT EXIST on my computer.

There are actually two products, a free bot notice (if the problem is severe enough you will get a popup and be unable to use your connection until you clean it up/acknowledge the notice) and a second paid cleanup and repair service.
Yes, the second service MAY send ads (you can set CC email to not send OFFERS (ads) ie opt out in the settings page )

Ads are a frequently item via email, and internet and certain not worth freaking out about.
Opt-out and reporting those that fail to comply can help stem the flow of actual SPAM.

reply to MiNdErAsR
I just received the "you may be infected with a bot" email.

There is no doubt that I am NOT infected with a bot.

What do you think might have triggered this?
--
Old dogs can learn new tricks!

reply to MiNdErAsR
Well, considering I regularly get scripted attacks from comcast addresses all the time on my servers, I'd say its possible some people are infected on comcast
--
My place : »www.schettino.us

reply to MiNdErAsR
Also, If you check this page »xfinity.comcast.net/constantguard/Alerts/
you can see Phishing emails spoof as coming from comcast are a constant threat.

reply to MiNdErAsR
I would suggest that you run an antivirus program on your computer(s) as Comcast has detected malware/bots going through your connection.
--
All of my CPE (including my EMTA) is customer owned. The only Comcast owned equipment in my house is the CableCards in the two TiVO boxes I own.

reply to IowaCowboy

Re: Your computer may be infected

reply to ctgreybeard

quote:

---

How did Comcast determine that I may have a bot?
We identify infected computers in several ways. First, we get data from reputable Internet research groups that specialize in bot identification. The data we get includes a list of Internet Protocol (IP) addresses that are infected and those that belong to bot command and control channels. Second, we look for malicious behavior exhibited by bots such as spam, distributed denial of service attacks and repeated connections requests to known command and control channels. We then aggregate this data to confirm whether one or more of your computers has been infected.

---

Thanks, but that's way too vague to be useful. I have five Macs on my network. One runs a Tor relay node, one is an Apple TV, one is turned off usually. I run Sophos AV on the two laptops and have not had any recent alerts and the only alerts I have ever received were for Windows problem files.

I'm treating this email alert as a false positive as I cannot determine what it is alerting on and in my own investigation I have not found anything at all.

Perhaps the TOR relay is triggering something? It is not an exit node so it only connecting to other TOR nodes and not to web sites or such.

Or, perhaps, the Apple TV? We do stream some video through that from Apple.

It would be good if Comcast could provide a more detailed signature of what they think might be BOT activity for my network. More detail would help define the problem and its possible source.
--
Old dogs can learn new tricks!

reply to JohnInSJ
Hee hee... that would be a sure bet. Just to see what would happen. Once some years ago in Northwest Ohio with Roadrunner I fired up Apache on a Red Hat box and opened the port. In less than 24 hours the logs were filling up with the usual attempts looking for cmd.exe. Roughly half the IPs were in Roadrunners domain.

Anyway, your comment reminded me of that.

reply to NetFixer

reply to NetFixer