Comcast reached out to us today to note that they're employing a new strategy to help deal with customers they've identified as having trojan-infected PCs. According to Comcast, the company is going to start issuing alerts on subscriber PCs (see screenshot below) should the user be showing the telltale signs of botnet or spam relay infection. The alert can either be ignored by the customer, or they can click on a link that will take them to the Comcast security center, which offers cleanup guidance.

Comcast isn't alone in trying to automate the trojan identification and cleaning process. In 2006 we talked with Canadian cable operator Cogeco about the use of so-called "walled gardens," something Cox Communications also helped pioneer.

Walled garden systems take things one step further by modifying configuration files on the modems, and restricting user access to the Internet. Customers in those instances only see links to ISP help and virus cleaning tools, and full access isn't restored until support is convinced the PC's clean.

Comcast tells us they considered the full walled-garden approach, and explored the idea in a draft standarded submitted to the IETF. Given the high volume of different devices that could be connected to the Internet at any one time (VoIP devices, game consoles), Comcast apparently decided against the idea: For those interested in how the alert system works, Comcast has stopped by our forums to discuss it in more detail and field any questions you might have (again, nice to see Comcast interacting with the community). Comcast says infected PCs are identified through a combination of independent security research that identifies compromised IPs (via groups like Spamhaus), and Comcast network analysis. Comcast says the proxy system they're using does not cache any information, and no usage data is tracked or stored in the process:Comcast's move is certainly a welcome one. While we imagine some security analysts will argue it doesn't go far enough, you'd have to think that any statistical erosion of botnet-infected machines has to be a good thing. As with their recent DNS Redirection push, Comcast also deserves credit for making the process entirely transparent via IETF filings. Still, you have to wonder how many infected customers will avoid the alert, given it looks a lot like the kind of phishing solicitations they're repeatedly told not to click on by the family computer nerd.

Again though, it's progress. Mega-ISP abuse departments have traditionally been slow to respond to the threat of botnets, which are used for spam, DDoS attacks, or as part of phishing operations. Over the years we've noticed a substantive disconnect between ISP executives and ISP engineers and the amount of resources each feels the problem warrants. With the continual increase in phishing scams, it's nice to see executives at the nation's largest cable company giving the problem some added funds and attention.