Fortune 1000 Companies Sending Spam, Phishing
An anonymous reader writes "The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks. Oracle was found to have a machine pushing out a PayPal phishing scam, and BestBuy had a system sending thousands of spams a month. The Washington Post's Security Fix blog also is tracking this story, finding stock spam being pumped from ExxonMobil and from American Electric Power, among others. Another machine at IndyMac Bank was the source of spam touting generic prescription drugs. From the story: '...an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants.'"
That's inbound. I'm talking outbound. (Score:5, Informative)
But I wasn't originally talking about inbound connections. Blocking the outbound connections would cut off the spam coming from your network.
How those machines got infected in the first place is a whole other series of discussions. And one that we really should have sometime. Preferably involving Linux and Free software at the critical points (allowing for Windows workstations).
Re:Not surprising to me (Score:5, Informative)
For example, I've worked fairly frequently with a poor lady who was a salesman for a remote market. She lived there rather than near my office. Her email account got suspended at least once a week due to the fact that her laptop had syphilis, gonorrhea, warts, crabs, and just about every virus and worm known to man.
Phone walk-throughs just didn't help with this lady, and the local ISP (mandated by accounting) blocked any ports that could be used to remotely administer her machine. Finally we had her FedEx it to us for cleanup, wipe, and reinstall of a fairly well locked-down Windows system with our (accountant-selected) workstation antivirus app.
This cycle continued four or five times. Her antivirus app somehow got disabled and her machine became Typhoid Mary. She shipped the laptop back and we tried to lock it down as securely as possible.
Ultimately, we discovered that an internet cafe she frequented was infected with a particularly nasty spam-bot worm that our particular antivirus app didn't catch (an AnnaK variant, IIRC). We used this as evidence to override the accountant's selected cheapo antivirus with something that worked a little better.