The other day I got a rather important-looking email from Comcast saying they thought my PC had been infected with a bot. Now, being in the business, I am religious about keeping up to date on both Windows Update and my antivirus program (Norton Security is supplied by Comcast). So to be infected with a bot would be surprising and I wanted to get the details of why Comcast thought I had one. I had the following surreal experience with Comcast Customer Support.
analyst Carlo has entered room
CarloCQNT: Hello Rolf, Thank you for contacting Comcast Live Chat Support. My name is Carlo. Please give me one moment to review your information.
Rolf: My Issue: I am an IT professional. I have now received 2 emails from Comcast stating that my computer (or presumably one of the PCs on my LAN) is infected with a “bot” – I want technical details of why you think that’s the case.
CarloCQNT: Hi.
CarloCQNT: I know that can certainly be frustrating. Let me try to pinpoint what the problem is and work on getting this fixed for you.
Rolf: I have checked each of the 4 PCs on the network and all 4 are, of course, up to date with the latest Windows updates and Norton Security updates. So I want to know what is triggering these alerts.
CarloCQNT: Thank you for that information Rolf.
CarloCQNT: “For security purposes, may I please have the following: 1] Full name listed on the account 2] Service address 3] Account number”
Rolf: Rolf Kaiser, [my address], and I don’t have a clue what my account number is, but I got to this chat via logging in with my Comcast login so you should be able to find it.
CarloCQNT: Thank you for that information.
CarloCQNT: Would you mind waiting for 2 minutes so that I can do the research in my system and provide you with the appropriate information?
Rolf: ok
CarloCQNT: Thank you for patiently waiting.
CarloCQNT: Has the error been recurring?
Rolf: Did you even read the description? I have received 2 emails from you so far and need to know why.
CarloCQNT: Thank you for that information Rolf.
Rolf: Well?
CarloCQNT: I’m currently working on why there are emails sent to you about your security.
CarloCQNT: Please check the validity of your antivirus software.
CarloCQNT: I may give you the link for Norton Support Site, http://www.symantec.com/en/au/norton/support/index.jsp
Rolf: I already said that the Norton software, installed on each machine, is up to date! It was the second thing I said!
Rolf: Are you a human being?
CarloCQNT: I am Rolf, I’m verifying it.
CarloCQNT: Please manage your account about receiving spam mails, in Customer Central.
Rolf: This is NOT a spam issue. These mails, as I clearly said, come from Comcast, specifically, “Comcast Security Assurance”, csa-noreply@comcast.net. Surely you’re not considering these security alerts to be “spam”, are you?
CarloCQNT: Alright, thank you for that information.
CarloCQNT: Thank you for patiently waiting Rolf.
Rolf: I don’t have any more time for this. I will have to get on the phone and call customer support in the morning. For the record, this chat has been 100% useless.
CarloCQNT: The email may be an alert for your security software service availability, a protocol to keep your system secured.
Rolf: That is meaningless. Just tell me why I am getting this email. Am I running listeners on unusual ports? Am I hosting high-traffic websites? (The answer to both is “no”). What is it that makes you think I am infected with a “bot”?
CarloCQNT: Have you checked for malware in your system?
Rolf: I run scheduled full-system scans, as well as “on demand” scanning on all 4 PCs. So the chance of any of them having any undetected malware is minimal. Why won’t you answer my question – why do you think I have a bot? If you give me the technical details of the traffic you’re seeing, that would indicate this, then I can track it down!
CarloCQNT: Thank you for that information.
CarloCQNT: We cannot have access to your computer, only our internet connection.
Rolf: Of course I realize that – that’s why I said “give me the technical details of the traffic you’re seeing”. Are you sure you’re a human? Based on this conversation, I am pretty sure the only “bot” here is you.
CarloCQNT: I recommend you contact your computer technician for the problem.
Rolf: Good grief. Well, at least I know the apocalypse from the Terminator movies isn’t going to hit anytime soon. Skynet has a long way to go before we have to worry about it.
Rolf: By the way that was a joke. But you won’t get it since you’re a bot.
The whole thing took over an hour, due to the long delays between messages from “Carlo”, which leads me to the second conclusion that current bots are also too slow to take over the world.
Update 8/7: After leaving pretty pointed feedback during the post-chat survey, I got a call the next day from a real person at Comcast Support. The person I spoke to was very professional and gave me the straight answers I was looking for – specifically she told me what bots they thought they were seeing traffic from (it was Conficker, which is a pretty old one so that was surprising), and what times they saw the traffic occurring. I told her that if they just put that information in the alert email (or at a link off it), then their customers could have debugged it themselves. She gave a rather lame answer to the effect that Comcast, as a policy, didn’t publicize that sort of information. It’s not clear to me why any of that would be sensitive information though.
One other comment she made was that she didn’t think highly of Norton Security, which was provided by Comcast, for finding malware like bots. She recommended Spyware Search and Destroy as it seemed more thorough, which I will check out.