On Tue, May 01, 2012 at 12:26:20PM +0000, Livingood, Jason wrote:
At Comcast we have done the following: - Sent emails - Send postal mail - Left voicemail - Used automated outbound calling - Used increasingly persistent web browser notifications
This is a reply to you, but it's intended to be directed at everyone who runs a consumer network, since zombies are everywhere. Why haven't you cut these obviously-infected systems off entirely? They no longer belong to their putative owners in any meaningful sense: oh, they might be in their homes, sitting on their desktops, but they're owned, operationally, by parties unknown -- botmasters and anyone that they're renting them out to. The only use your customers are making of them is that which they are *permitted* to do by the largesse of their new owners, who of course find it convenient to maintain the illusion because it encourages the former owners to keep them switched on and plugged into your network. (And given that your customer is not using their own system any more, there's no reason to believe that its new owners will permit them to see any email you send or any web browser notifications you emit. I'm sure if these become prevalent, not just at Comcast but among other major ISPs, the botmasters will pay someone to do the coding necessary to suppress them, and then propagate that code to all their bots.) This isn't to say that what you're doing isn't well-intentioned: it is. And it's a lot more than many others are doing. But if it was going to work, it would have worked by now. ---rsk