Fortune 1000 Companies Sending Spam, Phishing
An anonymous reader writes "The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks. Oracle was found to have a machine pushing out a PayPal phishing scam, and BestBuy had a system sending thousands of spams a month. The Washington Post's Security Fix blog also is tracking this story, finding stock spam being pumped from ExxonMobile and from American Electric Power, among others. Another machine at IndyMac Bank was the source of spam touting generic prescription drugs. From the story: '...an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants.'"
Once you consider how many Americans are supposedly still on dial-up, it stands to reason that some portion of the zombie botnets will be hosted on corporate America's computers instead of in the home.
finding stock spam being pumped from ExxonMobile
This is no spam, this is an actual stock push you insensitive clod!
Port 25 is usually for server to server SMTP transmissions.
If you're an end user, you should have a username/password and be using port 465 or 587 (or whatever your email admin set up).
That is why companies should block outgoing port 25 connections from everything except their own mail servers.
You are correct. All of those paths could lead to a workstation on your network being compromised. And you have great suggestions on how to protect them.
But I wasn't originally talking about inbound connections. Blocking the outbound connections would cut off the spam coming from your network.
How those machines got infected in the first place is a whole other series of discussions. And one that we really should have sometime. Preferably involving Linux and Free software at the critical points (allowing for Windows workstations).
This got me thinking. How many users are out there who know their computer was infected or screwed with while they were visiting a porn site, and are too afraid of getting fired (for looking at porn) to tell IT that something is wrong?
Food for thought.
Also, frequent laptop-toting business travelers (almost universally salesmen) have more limited access to their local IT techs.
For example, I've worked fairly frequently with a poor lady who was a salesman for a remote market. She lived there rather than near my office. Her email account got suspended at least once a week due to the fact that her laptop had syphilis, gonorrhea, warts, crabs, and just about every virus and worm known to man.
Phone walk-throughs just didn't help with this lady and the local ISP (mandated by accounting) blocked any ports that could be used to remotely administer her machine. Finally we had her fed-ex it to us for cleanup, wipe, and reinstall of a fairly-well locked down windows system with our (accountant selected) workstation antivirus app.
This cycle continued four or five times. Her Antivirus app somehow got disabled and her machine became Typhoid Mary. She shipped the Laptop back and we tried to lock it down as securely as possible.
Ultimately, we discovered that an internet cafe she frequented was infected with a particularly nasty spam-bot worm that our particular antivirus app didn't catch (An AnnaK variant, IIRC). We used this as evidence to override the accountant's selected cheapo antivirus with something that worked a little better.
Isn't it a lot more likely that their Windows boxe(s|n) just got zombified?
You're probably right; spammers are among the most aggressive attackers and most of the F1000 have large distributed networks where a (hopefully) small number of systems are going to be vulnerable at any moment. On the other hand, these companies can and do pay for high quality and high capacity pipes. They are also far less suspect as a source of spam, and the ISPs will certainly be reluctant ($$) to take unilateral action to deal with suspect traffic (as some do with their residential customers.)
For all of these reasons F1000 hosts are many times more effective as spam zombies than your average asymmetric DSL host, so I have no problem with people exposing carelessness or neglect among these companies. They have the resources and talent to prevent this sort of abuse. If they're not, a little bad press might help. Earlier today we all learned that some 40+ million credit/debit card accounts got downloaded from commercial IT systems. I wouldn't be surprised to learn that those same companies have a long history of unwittingly contributing bandwidth to spammers.
I seriously hope you are being sarcastic. If I ran across a firewall admin on any corporate network allowing outbound 25 from anything but the corporate email servers, I would suggest canning their asses in a heartbeat. It is just stupid on so many levels. First of all, checking personal email from work should be in the top 10 things on the "you aren't allowed to use the corporate network for this" list. Beyond that, outbound 25 has precious little to do with that anyway, unless they are running an email server on the corporate network, in which case that should be #0 on the list, since #1 assumes that your employees aren't stupid enough to use your corporate resources to run personal servers. Either way, a good firing would fix that in a hurry. Honestly, since most corporate networks these days are using Exchange boxes, they shouldn't even really be allowing outbound 25 from ANYTHING on the internal network. A good admin will have a secured relay, be it part of the firewall or a Sun box or something, rather than allowing the Win/Exchange boxes to talk directly to the net.
You can argue morale issues until you are blue in the face; network security should trump that in 99% of those cases. The enterprise network exists for the sole benefit of the enterprise. Personal email, instant messages, MySpace, whatever the hell, have a risk that FAR outweighs any potential benefit. If your employees can't leave their email/MySpace/IM friends for 8 hours a day, you should probably find employees who can. There is plenty of web surfing around that doesn't involve grotesque breaches of security to keep people entertained while they are being productive. If the company is paying you so little that you can't afford your own internet access, you should probably find a new job.
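The egress policy argued for in this thread (only the sanctioned relay may open TCP/25 to the outside; everything else is logged and refused) is easy to state but only useful if someone actually reads the log. The following is an added example written for this page, not code from the article or from any commenter: it parses iptables-style LOG lines, counts outbound port-25 attempts per internal host that is not an authorized relay (those are your spam-zombie candidates), and renders the firewall rules that implement the policy. The log lines, the 10.0.5.x relay addresses, the interface names and the internal prefixes are all constructed for illustration; the LOG line format is modelled on the Linux kernel's but trimmed to the fields the regex needs.

```python
"""Egress SMTP audit: find internal hosts talking TCP/25 straight to the
Internet instead of through the sanctioned relay, and render the matching
iptables policy. Example code added by the editor; addresses, interface
names and log lines are constructed and are not from the original thread."""
import re
from collections import Counter

# Assumed policy: only these hosts may open outbound TCP/25. Workstations
# submit mail to them (or to an external provider on 587/465 with auth).
AUTHORIZED_RELAYS = {"10.0.5.10", "10.0.5.11"}   # hypothetical relay addresses
INTERNAL_PREFIXES = ("10.", "192.168.")          # hypothetical internal ranges

# Constructed sample of iptables LOG output (simplified field set).
SAMPLE_LOG = """\
Jan 12 10:01:02 fw kernel: EGRESS: IN=eth1 OUT=eth0 SRC=10.0.5.10 DST=203.0.113.25 PROTO=TCP SPT=41000 DPT=25 SYN
Jan 12 10:01:03 fw kernel: EGRESS: IN=eth1 OUT=eth0 SRC=10.0.23.77 DST=198.51.100.9 PROTO=TCP SPT=50211 DPT=25 SYN
Jan 12 10:01:03 fw kernel: EGRESS: IN=eth1 OUT=eth0 SRC=10.0.23.77 DST=198.51.100.10 PROTO=TCP SPT=50212 DPT=25 SYN
Jan 12 10:01:04 fw kernel: EGRESS: IN=eth1 OUT=eth0 SRC=10.0.23.77 DST=198.51.100.11 PROTO=TCP SPT=50213 DPT=25 SYN
Jan 12 10:01:05 fw kernel: EGRESS: IN=eth1 OUT=eth0 SRC=10.0.40.2 DST=203.0.113.80 PROTO=TCP SPT=52000 DPT=587 SYN
Jan 12 10:01:06 fw kernel: EGRESS: IN=eth1 OUT=eth0 SRC=192.168.7.9 DST=203.0.113.26 PROTO=TCP SPT=33001 DPT=25 SYN
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dport>\d+)"
)


def parse_egress(log_text):
    """Yield (src, dst, dport) for every TCP line the regex understands."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("dst"), int(m.group("dport"))


def direct_smtp_offenders(log_text, authorized=AUTHORIZED_RELAYS):
    """Count outbound TCP/25 SYNs per internal source that is not a relay.

    A workstation that fans out to many destinations on port 25 is the
    classic spam-bot signature; one legitimate relay will not show up here.
    """
    counts = Counter()
    for src, _dst, dport in parse_egress(log_text):
        if dport != 25:
            continue                      # 587/465 submission is allowed
        if not src.startswith(INTERNAL_PREFIXES):
            continue                      # not one of ours
        if src in authorized:
            continue                      # the sanctioned relay
        counts[src] += 1
    return counts


def egress_rules(authorized=AUTHORIZED_RELAYS, lan_if="eth1", wan_if="eth0"):
    """Render iptables FORWARD rules: accept relays, log the rest, then reject.

    Rejecting with a TCP reset rather than silently dropping keeps the bot
    from tying up connection slots while its SYNs time out.
    """
    rules = [
        f"iptables -A FORWARD -i {lan_if} -o {wan_if} -p tcp --dport 25 "
        f"-s {relay} -j ACCEPT"
        for relay in sorted(authorized)
    ]
    rules.append(
        f"iptables -A FORWARD -i {lan_if} -o {wan_if} -p tcp --dport 25 --syn "
        f"-j LOG --log-prefix 'EGRESS: '"
    )
    rules.append(
        f"iptables -A FORWARD -i {lan_if} -o {wan_if} -p tcp --dport 25 "
        f"-j REJECT --reject-with tcp-reset"
    )
    return rules


if __name__ == "__main__":
    for host, n in direct_smtp_offenders(SAMPLE_LOG).most_common():
        print(f"{host}: {n} direct outbound SMTP attempts (not an authorized relay)")
    print("\n".join(egress_rules()))
```

Run against the sample, the script flags 10.0.23.77 (three SYNs to three different mail hosts in two seconds) and 192.168.7.9, while the relay at 10.0.5.10 and the workstation using port 587 are left alone. In practice the input would be the firewall's syslog, and the relay list would come from the same source of truth the firewall rules are generated from, so the audit and the policy cannot drift apart.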
The PC hadn't been turned on in about 6 months. Apparently the dude I was replacing was into Russian brides and, err, certain types of ethnic pr0n, and had got the sack for various dodgy reasons 6 months prior to my instalment. Anywho, in the 6 months that this computer was unmanned, my company installed Norton across all the other PCs.
My 2nd day was interesting, when I first turned on the computer. EVERYONE who had the Norton running detected all sorts of network worms and virusiis's (:P) the second I'd booted into Win XP. I thought,
"Oh crap, here we go. Time to clean up this mess..."
and began a search for *.jpg. Kapow, tonnes of hairy pr0n, selected all and shift deleted.
Next, it was time to install the company antivirus software, which was Norton. The next couple of days were spent trying to free my infected system of all sorts of goodies. I started by enabling the Norton Mail Monitor, and oh my, how funny!
"Scanning out going mail, Scanning out go-Scanning out going mai-Scaning out g-Scan"
The WHOLE screen filled up with Norton "scanning out going mail" boxes, like, hundreds of them. This was my first job outside of the IT industry, and a big WELCOME TO THE REAL WORLD for me. So yes, what's the point of my story? Well, Russian brides are hairy. OH, and not all companies have IT departments, let alone competent IT staff who can source and seize zombie machines and stop them from operating.
Actually, here's another thought for you: how many got pwned by other means, but are afraid that some "lusers are idiots" type will blame it on porn? I've only skimmed through the thread and I already see two blanket generalizations to the effect that, respectively, (A) infections come from porn surfing, and (B) the user is lying through his teeth if he says otherwise.
The fact is, there are so many ways to get pwned today, it's not even funny. Email attachments, trojan programs packed as some cutesy screen saver or utility you can download, phishing-like schemes where you're sent to a page chock-full of IE exploits, warez sites (tend to be worse than porn as infection risk goes), spyware serving ads with exploits in them, or rarely a genuine site or ad provider getting pwned and helping spread exploits (don't assume that _only_ spam zombies can possibly ever get installed when security is breached), etc.
Yes, you can say that they should have known better, but it's still not porn. And it sometimes comes with the endorsement, real or faked by a trojan that took over a friend's address book, of someone they know. E.g., every company has a wiseguy or two setting up some jokes mailing list and forwarding there anything he receives, indiscriminately, including links to other sites. And by indiscriminately, I mean here one even managed to forward a couple of business emails to that list.
Then there are malicious insider jobs. There are cases of sheer idiocy on the part of some techie or programmer or PHB. (You can occasionally read advice even on
You can argue morale issues until you are blue in the face, network security should trump that in 99% of those cases.
That's a classic example of IT narrowmindedness. If the employees no longer care, no technical measures will secure your data. Security is everybody's business, not just yours. People will naturally protect that which they care about. No morale = no security.
You seem to be from the school of "a good firing will fix anything". Hopefully, for your own sake, your boss wises up and uses a 'good firing' to adjust your attitude, because I doubt anything else will penetrate that skull.