[afhof]

Cox does something similar but bypasses the the DNS records and just slipstreams in a response. I noticed Cox would redirect javascript requests to their own HTTP server and put in their own snippets, effectively doing mass javascript injection.

The snippet ended up being some sort of alert about upcoming maintenance, but using a malicious technique for a benign purpose is the path to the dark side. Use HTTPS!

(I use 8.8.8.8, it didn't help)

[RKearney]

Comcast also injects JavaScript into HTML responses if they feel the need to send you a message.

Here's the code they use: https://gist.github.com/ryankearney/4146814

And here's my (extremely short) writeup on it: http://blog.ryankearney.com/2013/01/comcast-caught-intercept...

[venomsnake]

Isn't that CFAA abuse on their side?

[jamesbritt]

I had this happen to me and it pushed me to use a vpn for all personal Web traffic.

[ihsw]

Rogers (Canada's Comcast) does the same thing, but for warning you about your bandwidth usage.