Comcast Moves?
Slowly booting army of infected zombie boxen

Comcast recently found a massive swath of their customer IP addresses blacklisted by SPEWS or Spamhaus because of infected residential accounts acting as unwitting spam relays. In fact, at the end of February there were 45,010 spam complaints originating from just 5 Comcast IPs alone; though our forums indicate Comcast is slowly moving.

Not often will a cry of "Hey! I've been disconnected!" be met with a round of applause in our forums - unless you're an infected relay pumping the digital ether full of spam. If our forums are any indication, Comcast is taking some degree of action, even if users are receiving letters four weeks after they claim they've installed firewalls and anti-virus software.

It's estimated that thirty percent of the world's spam comes through poorly secured PCs that have become zombie marketers. This thread holds additional details, and the letter Comcast is sending out to infected subscribers is reprinted below.

-----

From abuse@comcast.net

Date Thursday, March 04, 2004 6:48 AM

To [All my comcast emails]

Subject [[Last name, First]] Policy Violation (Spam - Insecure) [TICKET_ID: XXX]

* * * IMMEDIATE ACTION and REPLY REQUIRED * * *

Please read this entire message, review the required action(s) below, and send a prompt reply message to acknowledge receipt of this email.

From: Comcast Abuse Department [abuse@comcast.net]

Comcast has been made aware and verified that a violation of the Comcast Internet Subscriber Agreement and/or Acceptable Use Policy has occurred from your account. These policies can be found at www.comcast.net/terms. Failure to comply with these policies can result in a permanent termination of your service.

The account holder is solely responsible for any and all activities performed from your Comcast service. Please read the following information carefully to ensure that you understand the violation, our policies, and what you need to do to respond to this warning.

Type of violation: Unsolicited Email ("spam") originating from your Comcast connection.

Explanation: We have confirmed that your machine has been involved in transmitting unsolicited email, an activity that is in violation of the Comcast Terms of Service Agreement. The reporting parties have provided email header information, which clearly shows the IP address of the computer that was transmitting the email. The IP address listed was one that was assigned to your computer at the date and time in question.

******* IF YOU CANNOT ACCOUNT FOR THIS ACTIVITY, THE EMAIL BEING SENT FROM YOUR COMPUTER MAY BE DUE TO A VIRUS/TROJAN INFECTION, A RESULT OF AN INSECURE SERVER, SUCH AS AN OPEN PROXY OR MAIL RELAY, OR A MISCONFIGURED/INSECURE WIRELESS ACCESS POINT ********

POSSIBLE CAUSES:

(1) Your computer may be infected with a virus, which is trying to spread itself through email attachments.

(2) Your computer may be infected with a virus, which installed an insecure mail server and/or proxy server on your computer. These viruses allow a spammer on the Internet to bounce unsolicited email advertising through your computer and back out to the Internet. The spam messages would look like they originated from your computer's unique Comcast IP address instead of the spammer's, allowing them to remain anonymous. Please note that if this were occurring, your personal email address would not show up in the "From:" address of the spam messages.

(3) You may have intentionally installed a mail server, proxy server, or even a wireless access point that has not been secured, which is vulnerable to relaying of email.

(4) You may have a mailing list (e.g. marketing, bulk emailing) that you intentionally send email to, which generated complaints from the recipients.

ACTION REQUIRED

(1) Please temporarily remove your computer from the Comcast Internet service if you cannot immediately determine the cause of the problem and correct it. This action will protect your computer from being further compromised and protect the Comcast network from receiving further complaints about your account.

(2) Remove any viruses and other illegitimate startup processes from your computer. The best method is to install and/or update commercial antivirus software and run a full scan of your hard drive. Please be aware that some recent viruses can avoid detection by antivirus software, or may not be removed entirely when found. Check with your antivirus vendor to see if it is possible to run the software under Safe Mode for a more complete scan. We would also recommend having the security of your computer reviewed by a third-party computer technician or seeking help from your computer manufacturer.

(3) Ensure that any servers installed on your home network are NOT accessible from the Internet. It may be necessary to disable or uninstall the services, or in the case of wireless access points, set up encryption (WEP) to protect your network from hijacking.

Please reply to this email, keeping the original message and subject unchanged for tracking purposes, upon your receipt of this message. We require your reply to signify that you have received this message. In some cases, failure to reply can result in account suspension. Further information regarding Internet abuse and security can be found on our web page at www.comcast.net/terms. This web page also provides links to our Subscriber Agreement and Acceptable Use Policy (AUP); please review these policies should you have any questions or concerns.
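The letter says the abuse desk matched the IP in the reported headers to the account that held that address at that date and time. The following is an added illustration of that check, not Comcast's own tooling: it walks a complaint's Received: headers, takes the first hop sent from the ISP's customer block, and looks the address up in a DHCP lease log. All addresses, hostnames and lease records are constructed.

```python
# Added example (not Comcast's tooling): find the originating IP in a spam complaint's
# Received: headers and map it to the subscriber holding that lease. All constructed.
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network
RESIDENTIAL_BLOCK = ip_network("203.0.113.0/24")  # constructed customer block
LEASES = [  # constructed DHCP lease log: (ip, account, start, end), all UTC
    ("203.0.113.45", "ACCT-1001", "2004-03-02T18:00:00", "2004-03-03T06:00:00"),
    ("203.0.113.45", "ACCT-2002", "2004-03-03T06:05:00", "2004-03-04T06:00:00"),
]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
def originating_hop(raw_message):
    """Walk Received: headers newest-first; return (ip, utc_time) of the first
    hop sent from our block. That header was written by a server outside the
    customer's control, so the Received: lines below it may be forged."""
    for header in message_from_string(raw_message).get_all("Received", []):
        match = BRACKETED_IP.search(re.split(r"\s+by\s+", header, maxsplit=1)[0])
        try:
            sender = ip_address(match.group(1)) if match else None
        except ValueError:  # e.g. "[999.1.1.1]" in a forged header
            sender = None
        if sender is None or sender not in RESIDENTIAL_BLOCK or ";" not in header:
            continue
        stamp = parsedate_to_datetime(header.rsplit(";", 1)[1].strip())
        return str(sender), stamp.astimezone(timezone.utc)
    return None
def responsible_account(raw_message):
    """Map the originating hop to the account holding that IP at that moment."""
    hop = originating_hop(raw_message)
    if hop is None:
        return None
    ip, when = hop
    for lease_ip, account, start, end in LEASES:
        lo = datetime.fromisoformat(start).replace(tzinfo=timezone.utc)
        hi = datetime.fromisoformat(end).replace(tzinfo=timezone.utc)
        if lease_ip == ip and lo <= when <= hi:
            return account
    return None
# Constructed complaint: the bottom Received: line was planted by the sender and is ignored
SAMPLE_COMPLAINT = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.complainant.example; Wed, 3 Mar 2004 20:15:02 -0500
Received: from unknown (HELO pc1234) ([203.0.113.45])
\tby mx.example.org with SMTP; Wed, 3 Mar 2004 20:14:58 -0500
Received: from trusted.example ([192.0.2.9]) by pc1234; Wed, 3 Mar 2004 20:14:50 -0500
From: buy-now@spammer.example
"""
```

Note that the lease lookup is by time as well as address: the same IP belonged to a different account a day earlier, which is why the letter stresses "the date and time in question".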

Most recommended from 40 comments

Nightfall (My Goal Is To Deny Yours), MVM, join: 2001-08-03, Grand Rapids, MI
Far beyond Comcast. PEBKAC

This goes far beyond Comcast. Broadband users install SQL server, IIS, and Windows 2000 server on their broadband connections and just open up the ports on their routers. Then, they don't patch their systems. My router logs all these attacks and I see IPs on various networks. Comcast, SBC, Charter, and the list goes on.

Yes, Comcast seems to be making a move. However, ALL ISPs have to make this move. Anyone infected with the Nimda virus for instance. I still get attacks on my router from people infected with this virus. I can't believe it. A patch was out for that attack 6 months before it was released. It has been about a year now (I think) and people are STILL infected? Gimmie a break.

It just goes to show you why the TOS/AUP is written against users having servers on their broadband connections. Even with hardware/software firewalls, the problem exists between keyboard and chair. PEBKAC.

All ISPs have got to come up with a policy. The steps of this new policy should be VERY easy.

1. Infection detected - Warning letter sent out
2. Infection detected a week later - Phone call and warning letter sent out.
3. Infection detected two weeks later - Shut off internet service to the home. When user calls to have it reactivated, explain the situation. When the user's computer is cleaned up, then internet service will be reactivated.

All users running these services need to be aware of the situation as well. If they want to run these services and expose them to the internet, then they have to be responsible for them. This means patching and updating. I have no problem with people wanting to run a small WWW site or FTP site on their connections. The problem is when these things are installed and the ports just opened without any thought to patching or updating. If users want to have their cake and eat it too, then they have to be more responsible for their systems.