Exposing Bots In Big Companies
CalicoPenny let us know about yet another "30 days" effort, this one to name the names of major companies infected with spam-spewing bots. Support Intelligence began the effort on March 28, out of frustration at not being able to attract the attention of anyone who could fix the problems at these companies. While they haven't named 30 companies over the ensuing month, they did name some prominent ones, such as Thompson Financial, Bank of America, and AIG. The scary part is that if a bot can spam, it can also capture keystrokes or troll for interesting documents.
Some Linux distros have automatic online updating. Unlike Microsoft, they put out updates as soon as they have them instead of waiting for a monthly cycle. I remember one afternoon my system downloaded about a dozen updates, then, just after the updater finished, it checked again and found four more. If your company is using one of those distros, those 100,000 desktops will patch themselves within a few hours after it becomes available.
Just log all internal IPs trying to hit external IPs on port 25 (except your mail servers, of course). That's pretty much it. If it's an NT domain, you can search the authentication logs for the IP to get a pretty good idea of who sits at the machine. Proceed accordingly. Don't fart around with disinfecting -- wipe, reinstall, and lock down.
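The detection the comment above describes, as an added example that is not part of the original thread: it filters constructed firewall log lines for internal hosts (other than an allowlisted mail server) connecting out to TCP/25, then joins the hits against constructed domain-controller logon records to name the likely user at each machine. The network ranges, log formats and every sample value are assumptions.

```python
import ipaddress
from collections import defaultdict

# Internal address space and the hosts allowed to talk SMTP outbound
# (constructed values for this example, not from the original post).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
MAIL_SERVERS = {"10.0.0.25"}

# Constructed firewall log: timestamp src_ip src_port dst_ip dst_port action
FIREWALL_LOG = """\
2007-04-29T10:01:02 10.0.5.17 49152 203.0.113.10 25 ALLOW
2007-04-29T10:01:03 10.0.0.25 49153 203.0.113.10 25 ALLOW
2007-04-29T10:01:05 10.0.5.17 49154 198.51.100.7 25 ALLOW
2007-04-29T10:01:06 10.0.5.17 49155 198.51.100.7 80 ALLOW
2007-04-29T10:01:07 10.0.7.42 49156 10.0.0.25 25 ALLOW
2007-04-29T10:01:09 10.0.7.42 49157 192.0.2.9 25 ALLOW
"""
# Constructed domain-controller logon log (chronological): timestamp user src_ip
AUTH_LOG = """\
2007-04-29T08:55:00 CORP\\alice 10.0.5.17
2007-04-29T09:10:00 CORP\\bob 10.0.7.42
2007-04-29T09:30:00 CORP\\svc_mail 10.0.0.25
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def outbound_smtp_offenders(fw_log):
    """{src_ip: set(dst_ip)} for internal, non-mail-server hosts that opened
    connections to external hosts on TCP/25 (allowed connections only)."""
    hits = defaultdict(set)
    for line in fw_log.splitlines():
        _ts, src, _sp, dst, dport, action = line.split()
        if dport != "25" or action != "ALLOW" or src in MAIL_SERVERS:
            continue
        if is_internal(src) and not is_internal(dst):
            hits[src].add(dst)
    return dict(hits)

def last_logon_by_ip(auth_log):
    """Most recent account seen authenticating from each IP (log is in time order)."""
    return {ip: user for _ts, user, ip in (l.split() for l in auth_log.splitlines())}

def suspect_report(fw_log, auth_log):
    """Join the two views: offending host -> (likely user, sorted external targets)."""
    users = last_logon_by_ip(auth_log)
    return {ip: (users.get(ip, "unknown"), sorted(dsts))
            for ip, dsts in outbound_smtp_offenders(fw_log).items()}
```

Hosts that show up in the report are the ones to pull for reimaging; the mail server and the workstation that only relayed through it internally stay out of it.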