Exposing Bots In Big Companies
CalicoPenny let us know about yet another "30 days" effort, this one to name the names of major companies infected with spam-spewing bots. Support Intelligence began the effort on March 28, out of frustration at not being able to attract the attention of anyone who could fix the problems at these companies. While they haven't named 30 companies over the ensuing month, they did name some prominent ones, such as Thompson Financial, Bank of America, and AIG. The scary part is that if a bot can spam, it can capture keystrokes or troll for interesting documents.
Some Linux distros have automatic online updating. Unlike Microsoft, they put out updates as soon as they have them instead of waiting for a monthly cycle. I remember one afternoon my system downloaded about a dozen updates, then, just after the updater finished, it checked again and found four more. If your company is using one of those distros, those 100,000 desktops will patch themselves within a few hours after it becomes available.
Admin access on a PC and getting out to the internet on port 25 are two completely different things.
It comes down to a model of separation and trust and applying policies at the proper place, not trust as in trust the users but trust the workstations and what is plugged into your network. Spyware, bots, viruses, etc. are the reason you should never trust a computer on the network; it does not matter whether you trust the user of that computer or not. The network engineer or a developer does not need port 25 outgoing either; if there is a time when it is needed for testing or troubleshooting, provide a specific machine to that user or unblock port 25 for an hour or so. If you are creating an application that interfaces with mail and you need outgoing port 25 all the time, provide one workstation that ability. Basically, at the network level, you give various computers the bare minimum access they need to the outside and this should be the standard practice across the board. If it is not, your company will need to seek outside consultants to help pull your head out of your ass. If the company's IT management is weak and cannot get through to the decision makers, make sure your concerns about security are noted and sit back and wait for the shit to hit the fan. If the IT management is weak and does not bring up a security plan to the decision makers, enjoy the ride while it lasts and sit back and wait to be fired.
Just log all internal IPs trying to hit external IPs on port 25 (except your mail servers, of course). That's pretty much it. If it's an NT domain, you can search the authentication logs for the IP to get a pretty good idea of who sits at the machine. Proceed accordingly. Don't fart around with disinfecting -- wipe, reinstall, and lock down.
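The two comments above describe one workflow: restrict outbound tcp/25 to the approved mail servers, log everything else that tries to reach an external host on port 25, then look the source address up in the authentication logs to find who sits at that machine. The script below is an added example that is not part of the original thread or any commenter's code. It parses firewall log lines in an iptables-LOG-like format (an assumption about the log layout), drops connections that came from the allowlisted mail servers or that stayed inside the internal ranges, aggregates the remaining offenders by source address, and joins each one against a small logon table to report the most recent user seen from that address. The mail-server addresses, internal ranges, firewall lines and logon records are all constructed sample data.

```python
"""Find internal hosts talking to external SMTP (tcp/25) and map them to users.

Added example with constructed data; the log formats below are assumptions,
not the output of any specific firewall or domain controller.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed: the only hosts permitted to send outbound SMTP.
MAIL_SERVERS = {"10.0.0.25", "10.0.0.26"}

# RFC 1918 ranges; anything outside these is treated as "external".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall log lines (assumed iptables LOG-target style).
FIREWALL_LOG = """\
Apr 28 10:01:02 fw kernel: EGRESS-SMTP IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=25
Apr 28 10:01:03 fw kernel: EGRESS-SMTP IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.9 PROTO=TCP SPT=40000 DPT=25
Apr 28 10:01:05 fw kernel: EGRESS-SMTP IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=203.0.113.77 PROTO=TCP SPT=51235 DPT=25
Apr 28 10:01:06 fw kernel: EGRESS-SMTP IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=10.0.0.25 PROTO=TCP SPT=51236 DPT=25
Apr 28 10:01:09 fw kernel: EGRESS-SMTP IN=eth1 OUT=eth0 SRC=10.2.9.3 DST=192.0.2.40 PROTO=TCP SPT=33000 DPT=25
Apr 28 10:01:10 fw kernel: EGRESS-WEB IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=203.0.113.5 PROTO=TCP SPT=51240 DPT=443
"""

# Constructed logon records (timestamp, user, workstation address), e.g. as
# extracted from domain-controller authentication logs.
AUTH_LOG = [
    ("Apr 28 08:55:00", "jdoe", "10.1.4.17"),
    ("Apr 28 09:30:00", "asmith", "10.2.9.3"),
    ("Apr 28 09:58:00", "bwayne", "10.1.4.17"),
]

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)")


def is_internal(ip):
    """True if the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_smtp_talkers(log_text):
    """Return {internal_source: {external destinations}} for tcp/25 connections
    that did not originate from an approved mail server."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dpt") != "25":
            continue                       # not SMTP, or not a parseable line
        src, dst = m.group("src"), m.group("dst")
        if src in MAIL_SERVERS:
            continue                       # legitimate outbound relay
        if not is_internal(src) or is_internal(dst):
            continue                       # only internal -> external matters here
        hits[src].add(dst)
    return dict(hits)


def last_user_for(ip, auth_log=AUTH_LOG):
    """Most recent user seen logging on from the address, or None.
    Timestamps are compared as strings, which works within a single day
    in the fixed-width format used above."""
    matches = [(ts, user) for ts, user, addr in auth_log if addr == ip]
    return max(matches)[1] if matches else None


def report(log_text=FIREWALL_LOG, auth_log=AUTH_LOG):
    """Offending hosts with their external SMTP destinations and likely user."""
    return {
        src: {"destinations": sorted(dsts), "user": last_user_for(src, auth_log)}
        for src, dsts in find_smtp_talkers(log_text).items()
    }


if __name__ == "__main__":
    for src, info in report().items():
        print(f"{src}: user={info['user']} -> {', '.join(info['destinations'])}")
```

On the sample data this reports 10.1.4.17 (last logon bwayne) reaching two external hosts and 10.2.9.3 (asmith) reaching one; the mail server's own traffic, the internal-to-internal connection and the port 443 line are ignored. The `report()` output is the list to act on in the way the comment describes: identify the machine, then wipe, reinstall and lock it down rather than trying to clean it in place.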