Fortune 1000 Companies Sending Spam, Phishing
Posted by
CowboyNeal
on Thu Mar 29, 2007 11:22 PM
from the unwitting-accomplices dept.
from the unwitting-accomplices dept.
An anonymous reader writes "The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks. Oracle was found to have a machine pushing out a PayPal phishing scam, and BestBuy had a system sending thousands of spams a month. The Washington Post's Security Fix blog also is tracking this story, finding stock spam being pumped from ExxonMobile and from American Electric Power, among others. Another machine at IndyMac Bank was the source of spam touting generic prescription drugs. From the story: '...an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants.'"
This discussion has been archived.
No new comments can be posted.
Fortune 1000 Companies Sending Spam, Phishing
|
Log In/Create an Account
| Top
| 117 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Ratio of broadband vs dial-up (Score:5, Insightful)
Companies can restrict outbound port 25 connects. (Score:4, Insightful)
But why aren't these companies correctly firewalled? Why do they allow machines other than their email servers to make outbound port 25 connections?
Why aren't their logs monitored? Wouldn't this be easy to spot?
Even with the resources of the biggest companies, their people cannot keep their machines clean or even stop them from sending spam. Who knows what else. A spam zombie can just as easily log network traffic, passwords and anything else on their wires.
They have usernames/passwords, right? (Score:5, Insightful)
If you're an end user, you should have a username/password and be using port 465 or 587 (or whatever your email admin setup).
That is why companies should block outgoing port 25 connections from everything except there own mail servers.
That's inbound. I'm talking outbound. (Score:5, Informative)
But I wasn't originally talking about inbound connections. Blocking the outbound connections would cut off the spam coming from your network.
How those machines got infected in the first place is a whole other series of discussions. And one that we really should have sometime. Preferably involving Linux and Free software at the critical points (allowing for Windows workstations).
Re:Companies can restrict outbound port 25 connect (Score:5, Insightful)
(Last Journal: Thursday February 09 2006, @01:35PM)
You can argue morale issues until you are blue in the face, network security should trump that in 99% of those cases. The enterprise network exists for the sole benefit of the enterprise. Personal email, instant messages, myspace, what the hell ever, has a risk that FAR outweighs any potential benefit. If your employees can't leave their email/myspace/im friends for 8hrs a day you should probably find employees who can. There is plenty of websurfing around that doesn't involve grotesque breeches of security to keep people entertained while they are being productive. If the company is paying you so little that you can't afford your own internet access you should probably find a new job.
Re:Companies can restrict outbound port 25 connect (Score:5, Insightful)
That's a classic example of IT narrowmindedness. If the employees no longer care, no technical measures will secure your data. Security is everybody's business, not just yours. People will naturally protect that which they care about. No morale = no security.
As you seem to be from the school of "a good firing will fix anything". Hopefully for your own sake your boss wises up and uses a 'good firing' to adjust your attitude, because I doubt anything else will penetrate that skull.
Not suprising to me (Score:1)
(http://www.wikipedia.com/)
Re:Not suprising to me (Score:5, Informative)
For example, I've worked fairly frequently with a poor lady who was a salesman for a remote market. She lived there rather than near my office. Her email account got suspended at least once a week due to the fact that her laptop had syphilis, gonorrhea, warts, crabs, and just about every virus and worm known to man.
Phone walk-throughs just didn't help with this lady and the local ISP (mandated by accounting) blocked any ports that could be used to remotely administer her machine. Finally we had her fed-ex it to us for cleanup, wipe, and reinstall of a fairly-well locked down windows system with our (accountant selected) workstation antivirus app.
This cycle continued four or five times. Her Antivirus app somehow got disabled and her machine became Typhoid Mary. She shipped the Laptop back and we tried to lock it down as securely as possible.
Ultimately, we discovered that an internet cafe she frequented was infected with a particularly nasty spam-bot worm that our particular antivirus app didn't catch (An AnnaK variant, IIRC). We used this as evidence to override the accountant's selected cheapo antivirus with something that worked a little better.
maybe (Score:2, Insightful)
(http://freedomsforums.com/)
ExxonMobile (Score:5, Funny)
(http://xmoo.com/)
This is no spam, this is an actual stock push you insensitive clod!
Big surprise (Score:2, Flamebait)
(http://www.infinadyne.com/)
Perhaps computers meant to be used as email appliances should really be email appliances rather than general purpose programmable (and repurposeable) computers.
The alternative to this is to figure out a way to make sure that it is impossible for users to ever install anything on their computer that will compromise it. Sounds impossible to me. Making an idiot-proof email application is just a stopgap until someone comes along with a better idiot.
Re:Big surprise (Score:5, Interesting)
Food for thought.
Actually, here's the complementary thought (Score:5, Interesting)
(Last Journal: Monday June 21 2004, @04:25PM)
Actually, here's another thought for you: how many got pwned by other means, but are affraid that some "lusers are idiots" type will blame it on porn? I've only skimmed through the thread and I already see two blanket generalizations to the effect that, respectively, (A) infections come from porn surfing, and (B) the user is lying through his teeth if he's saying otherwise.
The fact is, there are so many ways to get pwned today, it's not even funny. Email attachments, trojan programs packed as some cutesy screen server or utility you can download, phishing-like schemes where you're sent to a page chock-full of IE exploits, warez sites (tend to be worse than porn as infection risk goes), spyware serving ads with exploits in them, or rarely a genuine site or ad provider getting pwned and helping spread exploits (don't assume that _only_ spam zombies can possibly ever get installed when security is breached), etc.
Yes, you can say that they should have known better, but it's still not porn. And it sometimes comes with the endorsement, real or faked by a trojan who took over a friend's address book, of someone they know. E.g., every company has a wiseguy or two setting up some jokes mailing list and forwarding there anything he receives, indiscriminately, including links to other sites. And by indiscriminately, I mean here one even managed to forward a couple of business emails to that list.
Then there are malicious insider jobs. There are cases of sheer idiocy on the part of some techie or programmer or PHB. (You can occasionally read advice even on
Re:Actually, here's the complementary thought (Score:5, Insightful)
(http://projectdream.org/)
It's very hard to maintain an open attitude when working in IT. Especially when you're doing Internal IT only (i mostly work for our customers, and do our internal IT as a side job).
People fuck up, and are afraid of the consequences when they fucked up - thus they will try to find something else to blame.
IT People fuck up too, and are afraid of the consequences when they fucked up - thus they try to find someone else to blame.
The consequences are that Users and IT People don't trust each other. And this is bad, very bad.
IT is something to make your users more productive, and help them to get their work done faster. A restrictive policy usually won't help you with that. My company has a very open IT policy - and i think it helps with both morale and problem resolution.
We even allow our employees to plug their own laptops into the company network. Yes, it's risky. But the problems incurred and benefits reaped are a better than properly securing this (e.G. buying 802.1x switches and segmenting clients into VLANs according to their identification).
Remember - IT is an internal service to make the company work better. IT is not an end, it's a means to achieve an end faster. You as an IT guy should think about "how do we get our employees to be more productive" and not "how do we restrict them as much as possible so that i can sit around and read dilbert all day long".
Make them pay! (Score:2, Interesting)
I guess (Score:2, Funny)
(Last Journal: Friday November 09, @01:36AM)
These same guys INVENTED spam.. (Score:2, Insightful)
(http://www.corrupt.org/)
Reminds me of when I first started my current job, (Score:5, Interesting)
(http://burningfeetman.googlepages.com/home)
My 2nd day was interesting, when I first turned on the computer. EVERYONE who had the Norton running detected all sorts of network worms and virusiis's (:P) the second I'd booted into Win XP. I thought,
"Oh crap, here we go. Time to clean up this mess..."
and began a search for *.jpg. Kapow, tonnes of hairy pr0n, selected all and shift deleted.
Next, it was time to install the company antivirus software, which was Norton. The next couple of days were spent trying to free my infected system of all sorts of goodies. I started by enabling the Norton Mail Monitor, and oh my, how funny!
"Scanning out going mail, Scanning out go-Scanning out going mai-Scaning out g-Scan"
The WHOLE screen filled up with Norton "scanning out going mail" boxes, like, 100's of them. This was my first job outside of the IT industry, and a big WELCOME TO THE REAL WORLD for me. So yes, what's the point of my story? Well, Russian brides are hairy. OH, and not all companies have IT departments, let alone competent IT staff who can source and cease zombie machines from operating.
(contractor at one of its power generator plants) (Score:2, Funny)
Good bye erection dysfunction (Score:4, Funny)
(http://www.realitynews.com/)
Corrupt [corrupt.org]
Maybe it's time (Score:2, Interesting)
(http://127.0.0.1/ | Last Journal: Saturday August 04, @07:40AM)
Is the corporation centralized? (Score:3, Insightful)
1 - Is the entire corporation's IT department centralized? HP is a F1000 company - is HP and Compaq's computer networks fully merged? Or for Citigroup, is the old Citicorp network fully merged with the Travelers network? Or were Travelers Salomon Brothers and Smith Barney networks merged before that? And so forth. Wal-Mart's corporate network is probably standardized, but a lot of companies are the resut of many mergers over the years. Or some companies are just of a type where different divisions are very different so there is no or not much centralized corporate IT.
2 - Does the corporation have a global network? Global multi-national corporations have computers all over the world, and it can be hard to have a standard network in New York, Tokyo and London (etc.) New York and Tokyo may be solid, but London may be open to problems etc.
When I grow up (Score:1)
Interesting.... (Score:1)
(http://pod.ath.cx/)
in many different locations (I'm literally in a different office every day of the
work week) and people being allowed to have their own equipment on the network
with only Symantec corporate edition between them and the network it's a strange
experiment. The vast majority of infections I see coming onto our network is
from people surfing....unsavory sites....from home in their off hours.
But I wonder if this particular revelation will lead to interesting lawsuits
against the large corporations from those who dislike spam leading to increased
vigilance of the IT groups of those companies (firewalled subnet for guest
contractors or others who bring their own equipment onto the network).
Food for thought.
Mod title -1 Troll (Score:1)
Re:Never attribute to malice... (Score:1, Insightful)
Re:Never attribute to malice... (Score:5, Insightful)
You're probably right; spammers are among the most aggressive attackers and most of the F1000 have large distributed networks where a (hopefully) small number of systems are going to be vulnerable at any moment. On the other hand, these companies can and do pay for high quality and high capacity pipes. They are also far less suspect as a source of spam, and the ISPs will certainly be reluctant ($$) to take unilateral action to deal with suspect traffic (as some do with their residential customers.)
For all of these reasons F1000 hosts are many times more effective as spam zombies than your average asymmetric DSL host, so I have no problem with people exposing carelessness or neglect among these companies. They have the resources and talent to prevent this sort of abuse. If they're not, a little bad press might help. Earlier today we all learned that some 40+ million credit/debit card accounts got downloaded from commercial IT systems. I wouldn't be surprised to learn that those same companies have a long history of unwittingly contributing bandwidth to spammers.
Re:Never attribute to malice... (Score:2)
(Last Journal: Tuesday April 12 2005, @11:12PM)
Having botnets composed by home users with their hobby pcs is bad enough, now when that botnet have a good numbers of PCs with priviledged info/access inside is far worser.