For the last couple of weeks, every few days I get an injected popup from Xfinity saying I may have a bot on my network. I logged into my Xfinity account and sure enough, it has been sending an email about this every few days since May 25. I've upgraded all my firmware to the latest, run complete virus scans on every machine, rebooted everything. I'm aware of VPNFilter.
I called in to Comcast tech support to try to get more information (e.g. if there is a bot calling out to a particular domain name or IP address, let me know what that is, so I can track where it's coming from at my security gateway). Unfortunately, the customer support person, after taking all my information and (supposedly) talking to network security on the side, said "thanks for the info about a phishing attempt, goodbye." Wow.
My hardware of interest is: Motorola SB6183 cable modem, and my router is the UniFi USG security gateway (which isn't vulnerable to VPNFilter, as far as I can tell).
Text of the messages:
"Xfinity detected some not-so-great software. One or more of your devices may have been infected with a bot. Don't worry—you're just a few steps away from sorting it out."
"Notice from Comcast Customer Security Assurance
This email confirms your acknowledgement of in-browser security notifications from Comcast. We are committed to providing a safe online experience for you.
Click the button below to learn more about Xfinity Internet policies, and about how we detect bots on your devices."
"Action Required. We received an alert indicating that a router on your network has been affected by malware known as VPNFilter. This particular malware can potentially put your data and devices at risk.
What steps should you take? We’re committed to keeping you safe online, and strongly recommend that you reboot your modems/routers as soon as possible. You can do this by following your manufacturer’s instructions on how to update with the latest security patches. For additional instructions, please contact your device manufacturer for assistance.
We also recommend that you regularly update your password and security question, and complete routine scans of your devices for malware. You can download the current security programs here for free."