Reply
Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Suspected "bot" Activity email from Comcast

I have now received two worthless emails from Comcast, that say I have suspected bot activity from one of my computers, that give no information about what that activity is.  

I have many devices that are in constant communictaion with servers such as TiVos, VOIP telephone systems, a smart TV, iPAD, Motorola XOOM, smartphone, Kindle, etc.  I have reserved IP addresses for 42 devices although many are turned off most of the time.  My operating systems are up to date.  I assume that Norton Security keeps itself up to date.  The older operating systems use Microsoft Security Essentials instead of Norton because I suspect Comcast would be unhappy if I put Norton on 10 computers.  

I assume that all of the communications from my IP address to various servers is what they are detecting as "bot" activity.

If that is not the case how do I get Comcast to provide some actual activity data instead of a worthless email?

 

Gold Problem Solver
BruceW
Posts: 7,887
Registered: ‎12-03-2007

Re: Suspected "bot" Activity email from Comcast

Have you called Comcast Security? 1-888-565-4329 (6am-2am Eastern time), http://security.comcast.net/get-help/contact-comcast-security.aspx.

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

I also received an email, but have scanned all machines with 4 differant scanners and nothing was found.

 

You can get more information on what was detected here: https://amibotted.comcast.net/authorized.html

Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Re: Suspected "bot" Activity email from Comcast


gdio53 wrote:

I also received an email, but have scanned all machines with 4 differant scanners and nothing was found.

 

You can get more information on what was detected here: https://amibotted.comcast.net/authorized.html


Thanks for the link.

 

I did a Google search for what they found (RK_Pihar_Group) and the only hits were from Comcast customers  complaining about the exact same thing and being asked to purchase Comcast's "fix it" service.

 

I scanned the three computers that were on at the time and found nothing.

 

I am more convinced than ever that Comcast has no clue and is detecting the continuous activity from my internet devices (not computers) as bot activity.

 

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

That's the same bot they say I have.

 

Do you have Constant Guard installed?  I don't.

Do we need to have it installed to get the emails?

 

All this started when I got a new IP address from Comcast last week.  I'm wondering if they have the wrong IP reporting the bot.  I'm tempted to clone another MAC address on my router to force another IP and see what happens tomorrow.  All the reports show the bot activity happening between 7-8 am, but it doesn't how up on the Bot check until late afternoon.

Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Re: Suspected "bot" Activity email from Comcast


gdio53 wrote:

That's the same bot they say I have.

 

Do you have Constant Guard installed?  I don't.

Do we need to have it installed to get the emails?

 

All this started when I got a new IP address from Comcast last week.  I'm wondering if they have the wrong IP reporting the bot.  I'm tempted to clone another MAC address on my router to force another IP and see what happens tomorrow.  All the reports show the bot activity happening between 7-8 am, but it doesn't how up on the Bot check until late afternoon.


I do not have constant guard installed and I got two emails so far.

I do have Norton Security Suite 6.3.0.14 installed.

 

The time given is

 

2012-09-02 06:24:54 Local Time

 

They don't even know how to display time.  That could be AM or PM.  24 hour time should not have colons (:smileyhappy: between the numbers.

 

The alert message came at 2:05 PM on 9/2 so I guess it has to be an AM time.  My main computer would not be turned on at that time of the morning.

 

Gold Problem Solver
BruceW
Posts: 7,887
Registered: ‎12-03-2007

Re: Suspected "bot" Activity email from Comcast


gdio53 wrote: ... Constant Guard ... Do we need to have it installed to get the emails? ...

No. Comcast unwisely chose to use the name "Constant Guard" to refer to two different things: software that runs on your computer, and a separate system that runs on Comcast servers and monitors customer modem traffic looking for "bot-like activity". The emails come from that second "Constant Guard" system.

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

LOL.  That just confuses the end user!

Security Expert
USAF_E-8_RET
Posts: 5,216
Registered: ‎10-28-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

gdio53 wrote:

LOL.  That just confuses the end user!


Are you also aware that Norton Security Suite is branded Constant Guard fro Xfinity?  Comcast is super ate up with their Constant Guard this and that and supposedly all things pertaining to security put out by Comcast, or is it Xfinity now (?) is brandeed Constant Guard.
The orignial Constant Guard pertained to the Bot detection and notifications and can not be opt out of - just something folks have to live with.  I do believe it is a good program and something an ISP should provide.
Then Comcast (Xfinity) decided that they would take programs from other companies and make a "Constant Guard Protection Suite"  which in most cases duplicates the Norton Security Suite which they then decided to brand as Constant Guard from Xfinity in large letters with a small Norton Security Suite label in the upper left hand corner of the main page.
Actually, it is all one big confusing situation and IMHO Comcast (Xfinity) would have been far better off trying to be a very good ISP, rather than trying to provide a protection suite when they already had a security program with Norton.
 End of my rant!

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

Yes, I knew that Comcast offered NSS as part of Constant Guard, but you can install download and install NSS without the rest of their offerings: http://us.norton.com/support/comcast.jsp?pvid=nsce_1&layout=Comcast

 

Constant Guard has a lot more than NSS in the package: http://xfinity.comcast.net/constantguard/Products/CGPS/?cid=NET_33_600

Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Re: Suspected "bot" Activity email from Comcast

Do any of those who have posted in this thread with the same problem have Apple computers?

 

Based on the times given by the bot check website it is happening when my MacBook Air running the Mountain Lion operating system is in use.  The only recent program on that machine is the Vienna RSS reader which goes out and reads six RSS feeds when the program is started.

 

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

No, I'm running on 3 PCs. On addition, I have 2 TVs, 2 BlueRay players, 1 smartphone, and 1 PDA connected to the internet.

 

I checked https://amibotted.comcast.net/authorized.html late last night, and nothing was showing, I just checked and it shows activity at 6:30 this morning, which is whan I turned on my phone.

 

I ran all the scans I could on the 3 PCs, and nothing showed up.  I did install RUBotted: http://download.cnet.com/RUBotted/3000-2162_4-10977404.html on the 3 machines yesterday, and it hasn't shown anything suspicious.

 

I suspect Comcast sees my phone activity as a bot, as the phone checks several email accounts, Facebook, Twitter, LinkedIn, and other online links when it powers up.

 

I'll keep tracking the time the bot activity is reported and see if there's a link to the time I power up the phone.

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

Got another email today!

 

I called Comcast Security and talked to them for 15-20 minutes.  Explained all the scans I did, how my router is locked down, etc.  He had no recommendations and said my network was as secure as it could be.

 

I also told them that I recently received a new IP address and the bot activity emails started about the same time.  He said that the server that monitors bot activity isn't up to date and doesn't report in real time.

 

I cloned another MAC address into my router, reset the modem, and received a new IP; checked the Am I Botted site and it shows the new IP is clear. I'll check over the next few days to make sure it stays clean; if it does, then it was a false positive based on the new IP address.

New Visitor
propita
Posts: 2
Registered: ‎09-04-2012

Re: Suspected "bot" Activity email from Comcast

I just got off the phone with comcast, activating my new modem.  I started having connectivity problems a bit more frequently and comcast had stated months ago that it could be my modem.  Maybe.  The thing was almost 10 years old.  

 

Anyway, right after that, I got the "you may have a bot" email.  I'm running an imac, a macbook, ipad, and a dell.  I have comcast's Norton.  

 

Anybody think I should be concerned?  The "Constant Guard" comcast is touting, is it free like Norton?

Contributor
Posts: 18
Registered: ‎12-16-2007

Re: Suspected "bot" Activity email from Comcast

I got the same email from them on the bot and when they told be the date and time I just laughed.  We were out of town, all the computers and the modem were powered OFF.  The only thing I was using was my iPad and that was through another secure service on the east coast.  Go figure.  Being on a Mac, I couldn't complete the steps they told me as the software is not compatable with my OS.  

Bronze Star Contributor
edwardp
Posts: 192
Registered: ‎07-03-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

Received one of those e-mails Saturday. I use Linux here - which can't be infected by bots.

 

I suspect the traffic it seems to be detecting is coming from individual web sites and pop-ups/unders, not the computer, plus the time it said activity was 'detected', all of my computers and smartphones were powered off for the evening.

 

 

 

 

Contributor
Posts: 8
Registered: ‎03-16-2010

Re: Suspected "bot" Activity email from Comcast

How does anyone take these alerts seriously?  Going to Comcast and looking up the FAQs on bots get an error message:

"ReferenceError._gat is not defined"  After all this time, you wouldn't think a functional website would be beyond reach.

No, we don't use Comcast or Constant Guard Toolbar, or for that matter Norton toolbar, never use Comcast home page or webmail unless forced.  It's junk. 

 

Bot activity emails are spam untill and unless they contain concrete actionable items.  If bots aren't covered by your software, say so.  Otherwise i

Security Expert
USAF_E-8_RET
Posts: 5,216
Registered: ‎10-28-2003

Re: Suspected "bot" Activity email from Comcast

Hi tmwellington,

 

I just verified the links in the following information are still active and may assist you:

 

http://forums.comcast.com/t5/Security-and-Anti-Virus/What-do-I-do-if-I-receive-a-BOT-notification/m-...

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Gold Problem Solver
BruceW
Posts: 7,887
Registered: ‎12-03-2007

Re: Suspected "bot" Activity email from Comcast


tmwellington wrote: How does anyone take these alerts seriously?  Going to Comcast and looking up the FAQs on bots get an error message: "ReferenceError._gat is not defined"  ...

Sad, isn't it? I get that on http://constantguard.comcast.net/education-help/bot-assistance if I click any of the "FAQs" links. The "Read More FAQs" link is especially whacky.


... Bot activity emails are spam untill and unless they contain concrete actionable items. ...

Three years ago Comcast asked for customer suggestions for the bot notification system at http://forums.comcast.com/t5/Security-and-Anti-Virus/Bot-Education/m-p/1080895 . "Actionable information" was suggested early and often. We're still waiting.

 

Earlier this summer they posted two pilot programs that might help, though it's too soon to tell: http://forums.comcast.com/t5/Security-and-Anti-Virus/Malware-Alert-Received-Consider-joining-our-new... and http://forums.comcast.com/t5/Security-and-Anti-Virus/Comcast-Malware-Detection-Service-Customer-Tria...

 

Still, if you're getting notices, do what you can to check it out. They might be false positives, but then again, there might be a problem. And the last thing we need is larger botnets.

New Visitor
krobglenn
Posts: 4
Registered: ‎02-20-2013

Re: Suspected "bot" Activity email from Comcast

I've been getting these emails since Thursday 9/4. Going to https://amibotted.comcast.net/ shows Rerdom_CriminalFinancial_Asprox and Kovter_Generic. 

 

After shutting down several networked devices and thoroughly scanning all Windows PC with multiple antivirus and antimalware products (nothing found), amibotted continues to show activity.  I also have Trend Micros RUBOTTED software installed showing no activity since Thursday.  The last two detection times on amibotted correspond to when I turned an xbox 360 on.

 

Given the reports on this forum, and similar reports at http://www.bleepingcomputer.com/forums/t/547159/constant-guard-reporting-bots/ I suspect that Comcast did some recent upgrade with their network security bot detection services and many of us are getting hit with false positives.  The other possibility is a very subtle, very wide spread set of bots that have gone undetected for a long time are are just now being detected.

 

 

Visitor
BentleyCAD
Posts: 3
Registered: ‎09-09-2014

Re: Suspected "bot" Activity email from Comcast

I posted what I did in another bot topic on this site.

 

I too got the email on Saturday about being botted it must be the day they send those out.


Either way long story short I scanned with about 6-8 different scanners.

 

Microsoft Security Essentials was the only one that actually found the TDSS Alueron.M on my system and removed it. This sucker can hide! I did also manually look on the computer and found non of the typical entries that comes with the virus, not even sure when it ran because there was no processes for it running, also replaced Host file as well.

 

I am botted showed clean this morning fingers crossed that when I get home tonight it's still the case.

 

Running MSE agian tonight just to be sure. FULL SCAN was the only one that worked for me.

 

Strange how this got past my Norton..must be time for new security if I can't rely on norton to catch this stuff.

New Visitor
Sam00
Posts: 3
Registered: ‎09-09-2014

Re: Suspected "bot" Activity email from Comcast

FYI: visiting alibaba.com or aliexpress.com from PC, constant guard generates bot alert . Not sure why!!!!
Official Employee
cc_adame
Posts: 334
Registered: ‎09-13-2010

Re: Suspected "bot" Activity email from Comcast

Please see the following thread. Apologies for the delay...

 

http://forums.comcast.com/t5/Security-and-Anti-Virus/Update-about-recent-ConstantGuard-Bot-Notificat...

--
Adam
Comcast National Engineering // Customer Protection Team