Comcast cuts off spam 'zombies'

US internet service provider Comcast is cutting service for some customers whose computers are being used to relay spam messages.

Comcast has been sending warning messages to customers whose machines are being used as "zombies" to forward spam e-mail. In some cases, the company has cut off internet access to customers, some of whom are unaware their system is sending out the commercial solicitations, said Jeanne Russo, a spokeswoman for Comcast's cable division.

The decision is part of an "ongoing effort" to protect the company's network and its customers from abuse at the hands of hackers and spammers. Comcast declined to comment on whether it is stepping up its efforts to shut down the spam zombies, but the company will increase its efforts to match any increase in spam.

Comcast is one of the leading providers of high-speed internet access in the US, with more than 5.2 million subscribers to its high-speed data services. It is also the leading sender of e-mail, according to IronPort Systems' e-mail analysis service Senderbase.

The company has long been a target of antispam activists, who complain that Comcast's large home user customer base contributes to the spam epidemic, said Johannes Ullrich, chief technology officer of the Sans Institute's Internet Storm Center.

Malicious hackers prey on unprotected systems, as well, installing remote access software that allows the machine to be enlisted in distributed denial-of-service attacks against internet domains, he said.

Recent published reports have suggested that spammers may be acting in concert with virus writers, such as the author of the Sobig virus, to build networks of insecure and virus-infected home machines that are used to distribute spam.

"Comcast is one of the favoured networks of spammers, because Comcast customers have a lot of bandwidth and are usually not secured against common (software) vulnerabilities," Ullrich said.

The Internet Storm Center recorded scanning activity characteristic of virus-infected machines from about 10,000 Comcast machines on Sunday.

Ullrich said the Internet Storm Center tells Comcast when it finds infected hosts by sending a message to a Comcast e-mail address set up to receive complaints about abuse. Typically the company does not respond directly to such reports, but it has moved to shut down infected hosts after receiving complaints.

Customers booted from the network can frequently have their access restored after taking steps to prevent future infection.

While Comcast's network may be one of the biggest spam conduits on the internet, the company is not alone in wrestling with the spam problem.

"It's a combination of high bandwidth and unsophisticated users. Comcast is not that different from AT&T or DSL providers," said Ullrich.

Paul Roberts writes for IDG News Service
