Fortune 1000 Companies Sending Spam, Phishing 117
An anonymous reader writes "The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks. Oracle was found to have a machine pushing out a PayPal phishing scam, and BestBuy had a system sending thousands of spams a month. The Washington Post's Security Fix blog also is tracking this story, finding stock spam being pumped from ExxonMobile and from American Electric Power, among others. Another machine at IndyMac Bank was the source of spam touting generic prescription drugs. From the story: '...an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants.'"
Re:Companies can restrict outbound port 25 connect (Score:3, Interesting)
Make them pay! (Score:2, Interesting)
Re:Big surprise (Score:5, Interesting)
Food for thought.
Re:They have usernames/passwords, right? (Score:1, Interesting)
Re:That's inbound. I'm talking outbound. (Score:2, Interesting)
In addition to the normal security setup each computer had an additional program on it. The function of the program was to reset the contents of the computer to that of a default image every single time it was rebooted.
While that is not at this point in history enough on its own as some things can apparently now get into the firmware and it does nothing to prevent malware getting on between boots, it does make it that much slower for any sort of spyware or spam programs to get on there as well as limiting the stay in most cases to under a day.
Reminds me of when I first started my current job, (Score:5, Interesting)
My 2nd day was interesting, when I first turned on the computer. EVERYONE who had the Norton running detected all sorts of network worms and virusiis's (:P) the second I'd booted into Win XP. I thought,
"Oh crap, here we go. Time to clean up this mess..."
and began a search for *.jpg. Kapow, tonnes of hairy pr0n, selected all and shift deleted.
Next, it was time to install the company antivirus software, which was Norton. The next couple of days were spent trying to free my infected system of all sorts of goodies. I started by enabling the Norton Mail Monitor, and oh my, how funny!
"Scanning out going mail, Scanning out go-Scanning out going mai-Scaning out g-Scan"
The WHOLE screen filled up with Norton "scanning out going mail" boxes, like, 100's of them. This was my first job outside of the IT industry, and a big WELCOME TO THE REAL WORLD for me. So yes, what's the point of my story? Well, Russian brides are hairy. OH, and not all companies have IT departments, let alone competent IT staff who can source and cease zombie machines from operating.
Maybe it's time (Score:2, Interesting)
Actually, here's the complementary thought (Score:5, Interesting)
Actually, here's another thought for you: how many got pwned by other means, but are affraid that some "lusers are idiots" type will blame it on porn? I've only skimmed through the thread and I already see two blanket generalizations to the effect that, respectively, (A) infections come from porn surfing, and (B) the user is lying through his teeth if he's saying otherwise.
The fact is, there are so many ways to get pwned today, it's not even funny. Email attachments, trojan programs packed as some cutesy screen server or utility you can download, phishing-like schemes where you're sent to a page chock-full of IE exploits, warez sites (tend to be worse than porn as infection risk goes), spyware serving ads with exploits in them, or rarely a genuine site or ad provider getting pwned and helping spread exploits (don't assume that _only_ spam zombies can possibly ever get installed when security is breached), etc.
Yes, you can say that they should have known better, but it's still not porn. And it sometimes comes with the endorsement, real or faked by a trojan who took over a friend's address book, of someone they know. E.g., every company has a wiseguy or two setting up some jokes mailing list and forwarding there anything he receives, indiscriminately, including links to other sites. And by indiscriminately, I mean here one even managed to forward a couple of business emails to that list.
Then there are malicious insider jobs. There are cases of sheer idiocy on the part of some techie or programmer or PHB. (You can occasionally read advice even on