Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Fortune 1000 Companies Sending Spam, Phishing

CowboyNeal posted more than 7 years ago | from the unwitting-accomplices dept.

Spam 117

An anonymous reader writes "The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks. Oracle was found to have a machine pushing out a PayPal phishing scam, and BestBuy had a system sending thousands of spams a month. The Washington Post's Security Fix blog also is tracking this story, finding stock spam being pumped from ExxonMobile and from American Electric Power, among others. Another machine at IndyMac Bank was the source of spam touting generic prescription drugs. From the story: '...an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants.'"

Sorry! There are no comments related to the filter you selected.

Ratio of broadband vs dial-up (4, Insightful)

Recovering Hater (833107) | more than 7 years ago | (#18539453)

Once you consider how many americans are supposedly still on dial-up it stands to reason that some portion of the zombie bot-nets will be hosted on corporate americas computers instead of in the home.

Companies can restrict outbound port 25 connects. (3, Insightful)

khasim (1285) | more than 7 years ago | (#18539525)

Yeah, home users aren't the whole problem.

But why aren't these companies correctly firewalled? Why do they allow machines other than their email servers to make outbound port 25 connections?

Why aren't their logs monitored? Wouldn't this be easy to spot?

Even with the resources of the biggest companies, their people cannot keep their machines clean or even stop them from sending spam. Who knows what else. A spam zombie can just as easily log network traffic, passwords and anything else on their wires.

Re:Companies can restrict outbound port 25 connect (2, Interesting)

Sparr0 (451780) | more than 7 years ago | (#18539565)

Why would you NOT allow outbound port 25? Thats a ridiculous restriction. The office I work at has plenty of people who *GASP* check their personal email from work. When they send replies, their SPF/DomainKeys/Whatever-using ISP requires them to use the proper SMTP server. As it should be.

They have usernames/passwords, right? (5, Insightful)

khasim (1285) | more than 7 years ago | (#18539643)

Port 25 is usually for server to server SMTP transmissions.

If you're an end user, you should have a username/password and be using port 465 or 587 (or whatever your email admin setup).

That is why companies should block outgoing port 25 connections from everything except there own mail servers.

Re:They have usernames/passwords, right? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18539903)

Many email clients still default to port 25 for outbound traffic. I'd rather not have port 587 become standard as it will encourage ISPs to block it as well. Having my own mail server is a hassle sometimes, but there are a few people like me who want to connect to their own mail server. This also goes for university campuses, and public wifi spots. Obviously encrypted communication is important in these scenarios and I do run webmail and ssh for backups. I understand the reaction to automatically block port 25, but consider this. What if the machine is spamming message boards and blogs? That would be port 80. Are you going to block port 80 too? A proxy might help with this situation, but its still food for thought. Using a proxy would involve admins securing there network. At the end of the day, these companies did not secure their systems or allowed contractors to plugin to their network. Its still their fault.

your use case (1)

Gary W. Longsine (124661) | more than 7 years ago | (#18540369)

You don't need outbound access on port 25. Use a non-standard port for your mail server like the rest of the cool kids.

Re:They have usernames/passwords, right? (1)

aztracker1 (702135) | more than 7 years ago | (#18540487)

First off.. port 587 etc traffic *CAN* be limited to only authenticated sessions, no end-delivery... also, mail servers shouldn't allow anonymous relay in any case... the only server you as a user should be connecting to outbound should be ones you authenticate to, and the 587 port is meant for this...

If the above restrictions are in place (no end-point delivery on 587, then the virii won't use it.

Re:They have usernames/passwords, right? (1)

jettawu (1030820) | more than 7 years ago | (#18541841)

Until it becomes mainstream to do so at which point the viruses you mention would be rewritten to steal the authentication info from clients that save that information (as the mass majority of people do which is what the viruses target) and then use that port 587. It is a good stop-gap solution for a specific network, but IMHO, it's not a great solution for everyone altogether because the virus writers would just rewrite their viruses. I think it's common that people try to solve the symptom (disinfect the individual computer) rather than the problem (security changes), so that's something that these corporations should consider. I also believe that there is no single solution to solve this one -- it'll take a combination of solutions to really "solve" it including but not limited to AV, network security, and user education.

Re:They have usernames/passwords, right? (0)

Anonymous Coward | more than 7 years ago | (#18542395)

Unfortunately, user education would be the biggest role in your solution, as well as the first to fail. Too many people just seem to not give a rat's ass that their computers could be infected with viruses that are sending out mass spam.

Re:They have usernames/passwords, right? (1)

8-bitDesigner (980672) | more than 7 years ago | (#18540811)

Believe it or not, all those wonderful little smart phones with WindowsCE on them have Pocket Outlook which is incapable of connecting on port 587 for outgoing connections.

Now, this might not be the case with CE 5.0 and onwards, but the versions I've worked with have just baffled me with that one.

Re:Companies can restrict outbound port 25 connect (1)

bendodge (998616) | more than 7 years ago | (#18539661)

My cable ISP requires all port 25 mail to go through their own SMTP server. It's a pretty effective spambot solution (and it's fast sending, since the server is close). But of course, GMail doesn't user port 25 (I love Google's trendbucking).

Re:Companies can restrict outbound port 25 connect (1)

LilGuy (150110) | more than 7 years ago | (#18543555)

I know it's a pain to have an abuse department that has to answer to complainers all across the net when one of your customers is infected with some spam virus, but forcing all port 25 traffic through your own smtp server(s) is pretty sketchy. I'd be willing to bet your cable isp's backbone is on the AT&T network...

Re:Companies can restrict outbound port 25 connect (1)

bendodge (998616) | more than 7 years ago | (#18544837)

Em, it appears to be time-warner from the traceroute.

Re:Companies can restrict outbound port 25 connect (2, Insightful)

Curien (267780) | more than 7 years ago | (#18539667)

Well boo hoo for them. If I set network policy, I wouldn't allow people to download foreign e-mail. If the user's just getting e-mail froma POP connection, you lose the ability to check it for viruses, spam, phishing schemes, etc. Basically, you might as well let people plug laptops right into the enterprise LAN (you're NOT doing that, right?). If they want to receive e-mail at work, they should have it sent to their work address (perhaps via auto-forwarding).

Scan every e-mail at the SMTP server. Scan every download at the proxy server. Protect your network. A little bit of latency isn't going to kill anyone.

That's inbound. I'm talking outbound. (4, Informative)

khasim (1285) | more than 7 years ago | (#18539755)

You are correct. All of those paths could lead to a workstation on your network being compromised. And you have great suggestions on how to protect them.

But I wasn't originally talking about inbound connections. Blocking the outbound connections would cut off the spam coming from your network.

How those machines got infected in the first place is a whole other series of discussions. And one that we really should have sometime. Preferably involving Linux and Free software at the critical points (allowing for Windows workstations).

Re:That's inbound. I'm talking outbound. (2, Interesting)

hedwards (940851) | more than 7 years ago | (#18539933)

When I was in college a couple of years ago, we had a couple of computer labs. The one I am going to talk about was a mac based lab completely consisting of old world macs. What they did to limit the amount of damage that a root kit could do and make it harder for large amounts of malware to get on there was this:

In addition to the normal security setup each computer had an additional program on it. The function of the program was to reset the contents of the computer to that of a default image every single time it was rebooted.

While that is not at this point in history enough on its own as some things can apparently now get into the firmware and it does nothing to prevent malware getting on between boots, it does make it that much slower for any sort of spyware or spam programs to get on there as well as limiting the stay in most cases to under a day.

Re:That's inbound. I'm talking outbound. (1)

bangenge (514660) | more than 7 years ago | (#18540049)

That's a good idea except it will only work for computers that do not need to save some sort of state, those such as school labs and the like (where user data is primarily saved in the servers). Enterprise computers are not in that category. For example, setting up email accounts (outlook, thunderbird, etc) would be quite a pain in that regard, unless you use web based email (TWIG, Squirrel, OWA) which will easily eat up storage in no time. User preferences (wallpapers, screensavers, themes, recent docs) will generally be wiped clean every boot. That's nice if you want to work in a boring, authoritative environment, but that's still not for everyone. :) FYI, we used to have them in school, and in the company dorm in Japan, which was mainly used for surfing and email (and a quick dose of brood war every now and then).

Re:That's inbound. I'm talking outbound. (0)

Anonymous Coward | more than 7 years ago | (#18540195)

We do something similar except we use a stripped down version of debian linux that runs vmware player.

The way we get around is to make C: a non-persistent image which means that it will not retain any modifications when vmware player is stopped and restarted. When you need to do windows update or make any real changes you simply change it to persistent and then change it back to non-persistent after you are done making changes.

To allow people to actually get work done.. you make another image for a D: drive that is always persistent. Using a little tools from sysinternals called junction you can make the c:\document and settings actually exist on the D drive. With this people will be able to use outlook to send and receive email on their local computer, use bookmarks in ie, save documents to my documents, and many more things.

http://www.microsoft.com/technet/sysinternals/File AndDisk/Junction.mspx [microsoft.com]

There are ways a virus could get on the machine and survive reboots like putting itself in the startup menu.. but if you can follow me this far I'm sure you can handle that :P

With ssh and the correct vnc server program you can even remotely access these machines to do maintenance including checking out the employees live session without them knowing or with them knowing when they need a little help. Pretty much the person sitting down is using a vncclient to connect to x themselves locally but they can't tell. :)

Devek - too cool to register

Re:That's inbound. I'm talking outbound. (1)

Curien (267780) | more than 7 years ago | (#18540309)

Roaming profiles, FTW.

Re:That's inbound. I'm talking outbound. (1)

pe1chl (90186) | more than 7 years ago | (#18540643)

Maybe you should read up a bit on "roaming profiles", which are usually used in an enterprise environment with a Windows domain.
Those store your user settings on the server and make them available on any client where you log in. So you don't have to setup your email account or wallpaper every time you use another computer, or re-install it.

Re:That's inbound. I'm talking outbound. (1)

mpe (36238) | more than 7 years ago | (#18541123)

That's a good idea except it will only work for computers that do not need to save some sort of state, those such as school labs and the like (where user data is primarily saved in the servers). Enterprise computers are not in that category. For example, setting up email accounts (outlook, thunderbird, etc) would be quite a pain in that regard, unless you use web based email (TWIG, Squirrel, OWA) which will easily eat up storage in no time. User preferences (wallpapers, screensavers, themes, recent docs) will generally be wiped clean every boot.

With the possible exception of portable machines there's no good reason for any of this to be being stored anywhere other than on a server in the first place.

Re:That's inbound. I'm talking outbound. (1)

progprog (1016317) | more than 7 years ago | (#18540553)

How those machines got infected in the first place is a whole other series of discussions. And one that we really should have sometime. Preferably involving Linux and Free software at the critical points (allowing for Windows workstations).

Imo that set of discussions is relevant right now.

So it's not just ignorant home users who are spreading spam and malware -- it's Fortune 1000 companies with access to IT professionals, people whose job is to prevent such mishaps. Which begs the question, why on Earth are we asking if Linux is ready for the [corporate|office|grandma's] desktop? The question should be, "is Windows ready for the Internet-enabled desktop?"

Re:Companies can restrict outbound port 25 connect (1)

asninn (1071320) | more than 7 years ago | (#18540291)

That'll work fine until the CEO demands to know why he can't check his mail anymore or why there suddenly is "a little bit of latency" that wasn't there before. Don't overestimate your power to "set network policy" in the face of upper management.

Re:Companies can restrict outbound port 25 connect (1)

Curien (267780) | more than 7 years ago | (#18540333)

The latency wouldn't be when you check e-mail, it would be when e-mail is /delivered/. This is already a high-latency process, so adding a little more is negligible. Plus, users tend not to notice latency at that stage.

Re:Companies can restrict outbound port 25 connect (1)

StarvingSE (875139) | more than 7 years ago | (#18539685)

I admit I am not an expert on the subject of web-based e-mail, but checking your yahoo, gmail, comcast webmail, whatever is done through the web, which uses port 80, which most likely won't be blocked by your employer. Port 25 should be restricted to a company owned e-mail server.

If your employer is allowing you to check your home e-mail through a client (outlook, thunderbird) then that is asking for trouble.

Re:Companies can restrict outbound port 25 connect (0)

Anonymous Coward | more than 7 years ago | (#18541949)

"Why has my submitted story been marked as "pending" for over 2 weeks now?"

You, too, eh? I have one that's been "Pending" since March 11. I suspect some sort of system glitch.

Re:Companies can restrict outbound port 25 connect (0)

Anonymous Coward | more than 7 years ago | (#18543141)

Speaking of Gmail, when I started at my new job I thought I was being good by keeping my personal email seperate from work on gmail and checking it from work. That was a no-no. Ok, I stopped checking it. I did however still have a gmail checker on my google portal page that showed new mail and only the subject. I didn't realize that this showed up on logs as an http access to gmail.com (I didn't even realize it was accessing gmail via a direct http request). No-no #2. So if they monitor for outside email access don't use google's gmail notifier.

Re:Companies can restrict outbound port 25 connect (5, Insightful)

db32 (862117) | more than 7 years ago | (#18540115)

I seriously hope you are being sarcastic. If I ran across a firewall admin on any corporate network allowing outbound 25 from anything but the corporate email servers I would suggest canning their asses in a heartbeat. It is just stupid on so many levels. First of all checking personal email from work should be on the top 10 things of "you aren't allowed to use the corporate network for this", beyond that, outbound 25 has precious little to do with that anyways, unless they are running an email server on the corporate network in which case that should be #0 on the list since #1 assumes that your employees aren't stupid enough to use your corporate resources to run personal servers, either way a good firing would fix that in a hurry. Honestly, since most corporate networks these days are using exchange boxes, they shouldn't even really be allowing outbound 25 from ANYTHING on the internal network. A good admin will have a secured relay be it part of the firewall or a sun box or something other than allowing the win/exchange boxes from talking directly to the net.

You can argue morale issues until you are blue in the face, network security should trump that in 99% of those cases. The enterprise network exists for the sole benefit of the enterprise. Personal email, instant messages, myspace, what the hell ever, has a risk that FAR outweighs any potential benefit. If your employees can't leave their email/myspace/im friends for 8hrs a day you should probably find employees who can. There is plenty of websurfing around that doesn't involve grotesque breeches of security to keep people entertained while they are being productive. If the company is paying you so little that you can't afford your own internet access you should probably find a new job.

Re:Companies can restrict outbound port 25 connect (5, Insightful)

paeanblack (191171) | more than 7 years ago | (#18540417)

You can argue morale issues until you are blue in the face, network security should trump that in 99% of those cases.

That's a classic example of IT narrowmindedness. If the employees no longer care, no technical measures will secure your data. Security is everybody's business, not just yours. People will naturally protect that which they care about. No morale = no security.

As you seem to be from the school of "a good firing will fix anything". Hopefully for your own sake your boss wises up and uses a 'good firing' to adjust your attitude, because I doubt anything else will penetrate that skull.

You have to be cruel to be kind (1)

TapeCutter (624760) | more than 7 years ago | (#18541189)

"No morale = no security."

Yes, but one of them came first. A company that has LAN problems does not get much done and if it happens regularly you will find your users wandering off on "LAN breaks", managers will attempt to charge the IT dept for down time, ect, frustration levels rise, experienced sysadmins are like rats on a sinking ship, and morale suffers.

Like it or not the GP is correct, IT policy is a matter of coporate "self preservation". LAN policy must be enforced from the top down with the same rigour as financial policy.

Re:Companies can restrict outbound port 25 connect (3, Insightful)

db32 (862117) | more than 7 years ago | (#18542369)

IT narrowmindedness? Sure, whatever, I am so sick of users justifying the most insane bullshit on the network and then crying about the IT department being enforcing such harsh restrictions. Go buy your own internet access and expose your home network to whatever you want, not mine. Then on top of this its the IT departments fault when the secretary has installed 18 random mouse cursors and other malware crap and her computer runs like shit. While doing contract work I almost watched a woman get fired on the spot for that crap because they kept having to call my company in and send me out to bill them for something like $70/hr to come and fix this womans PC. Finally the boss asked me what it was and I told him she has all this garbage installed and every time I remove it she puts it back on and then I have to come back out and fix it. So...she was costing her company hundreds of dollars in support because she just HAD to have the puppy theme for IE and all the puppy cursors.

Further, since I have frequently worked on secure networks, if I catch you doing something stupid you are likely to get reprimanded and depending on the level of stupid fired, if higher up the chain catches you, or something bad happens due to your nonsense...you are looking at fired or jail. So in fact when dealing with sensitive networks that is the method because it isn't fun and games, its business, and the corporate network doesn't exist for your amusement. There is plenty you can do to kill time with a solid network with good policy, that doesn't involve installing a bunch of BS, or allowing IM/Email/etc. Unless you haven't been watching the news, data exfiltration is a major issue, and most problems are inside jobs.

I seriously don't understand this IT narrowmindedness crap that keeps coming up. Users expect their IT department to protect them. They follow the logic of "if I can do it then I must be allowed to do it and it must be ok" A good IT department lays down solid policy and enforces it. Security is everyones business, but its the IT departments job. You can bet your ass the first time something goes wrong the IT department is going to be answering alot of questions about "why didn't you have something in place to prevent this".

Exposing your network to user stupidity has nothing to do with morale. People cry this morale bullshit when trying to justify poor policy or poor behavior when its just a failure to do their job or take security seriously. We have had IPTV on the network for ages, you can watch any number of TV channels fed through the network. Live TV, and not sucking down precious internet bandwidth. But people will still bitch and moan about wanting streaming media so they can watch whatever stupid clips they find on myspace that have driveby malware installs and other such exploits and then when a good admin blocks myspace people like you will cry about how aweful and draconian it is to protect your network from threats when the users want to expose millions of dollars of equipment to risk.

I invite you to go deal with a melissa "virus" type cleanup, not even really a virus, user must interact with it and it still spread like wildfire and caused millions in damages on just the few networks I supported at the time. (In fact almost watched a guy get fired on that one too for causing the loss of 2GB of marketing images). Even better, go deal with a real virus that can spread on its own because some dumb bastard clicked on cool_mp3.scr from his webmail that he shouldn't have been using. A real outbreak costs an insane amount to contain and most of the time it could have been prevented by good policy and enforcing that policy.

My responsibility is to the security of the network, not the whim of the user.

Network security is primarily a people business. (1)

McDutchie (151611) | more than 7 years ago | (#18542885)

I mostly am the IT department at a 30 employee company, so I have some experience with these issues from a somewhat different (non-Fortune 1000) perspective.

First, you are confounding personal use of the network (e.g. personal email) with major security risks like people installing their own software. If people are even able to install their own software on the computers under your management, I have no idea why you still have a job -- restricted-rights user accounts exist for a reason. From a security perspective, allowing software installation is dumb. Allowing personal email is not.

That's because the company network exists for the benefit of the people keeping the company running -- people being the essential keyword. Allowing the minimum access rights required for the job and no more is good security policy for software, but it's crap for people. You're creating resentment and a blame-the-IT-department culture, as well as a major incentive for users to get away with whatever they can get away with. This type of policy is known to lower overall productivity, simply because it makes the employees unhappy and cynical.

Where I work, people care about the company and they naturally care about the network as an extension of the company. The company runs Linux Terminal Server Project-based terminals and a few Windows boxes under limited-rights user accounts. Technical measures disallow the installation of any software without it going through me first. But no one cares if people want to send a few emails to friends or check what the weather will be like over the weekend. I treat employees like people, not like security risks. I never get blamed for problems, I get thanked for solving them.

My responsibility is to the security of the network, not the whim of the user.

A good network manager's responsibility is to the user -- period.

have a nice ride... (0)

Anonymous Coward | more than 7 years ago | (#18544531)

for the next couple years before either..
1) your ass is fired
2) your job is best shored and you collect cans to support your WoW addiction
3) your company is bought by a company with security sense (oh wait, see #1 and #2)
You are in the "reserves", buddy. When you get to the front lines (trenches) you will see the light.

Re:Companies can restrict outbound port 25 connect (1)

644bd346996 (1012333) | more than 7 years ago | (#18542879)

Somebody smart enough to install an email server on a company workstation, but dumb enough to think that it is okay, is dangerous to the company and should be fired.

Re:Companies can restrict outbound port 25 connect (1)

jvkjvk (102057) | more than 7 years ago | (#18543827)

Exactly. My first thought was - Jeez, He's part of the problem!

Don't check "personal" email, don't surf Slashdot, do nothing except work and do what you're told. Easiest way to have people to come in with a slave mentality. Do just enough to avoid getting beaten down but certainly not enough to actually make a difference.

  I wonder how he reconciles his use of company resources to post to Slashdot with his attitude toward lusers. Oh, right, he's probably posting from home... and some lusers are more equal than others (mainly, those that have the Keys to the Kingdom).

Re:Companies can restrict outbound port 25 connect (0)

Anonymous Coward | more than 7 years ago | (#18541923)

Honestly, since most corporate networks these days are using exchange boxes, they shouldn't even really be allowing outbound 25 from ANYTHING on the internal network.

I seriously hope you are being sarcastic. Exchange? Every serious company I have ever known uses Lotus.

Re:Companies can restrict outbound port 25 connect (1)

sabernet (751826) | more than 7 years ago | (#18543659)

I sincerely hope you were being sarcastic. Lotus? What is this: 1995?

Say what you want about MS(personally, I don't much like em' and Vista is the most horrid thing to happen to the OS world since ME), but Exchange works and works well. And yes, most companies use it. Maybe a couple of holdouts or diehards use Lotus. But Exchange is definitely the dominant platform and is the great majority of MS's piggy bank.

Your statement would be like saying, "Most computer users I know run BeOS".

Re:Companies can restrict outbound port 25 connect (1)

Hoi Polloi (522990) | more than 7 years ago | (#18542951)

This is the IT environment I work in and I've managed to survive. As long as your internet use is reasonable and you are getting your work done and on time they leave you be.

Re:Companies can restrict outbound port 25 connect (1)

zrq (794138) | more than 7 years ago | (#18543785)

.. checking personal email from work should be on the top 10 things of "you aren't allowed to use the corporate network for this" ..

I can understand why you would say that. However, what about external visitors to your site ?

A large part of my job involves visiting other university departments and conferences, email (and Jabber IM) contact with my home department is vital for being able to respond to questions and problems raised by the people that I meet. Which is why I'm there in the first place.

I'm not suggesting that you should allow unrestricted outbound access. Obviously, any spam sent by a visitors laptop would appear to come from your network, which is a bad thing. What I'm looking for is suggestions on how to handle the problem without preventing visitors access to the external tools that they need.

My own solution is to run linux on my laptop (reducing the probability that it would be a spam sender in the first place) and using a ssh tunnel to route any emails that I do send via the mail server at my home institute (so any spam it did send would appear to come from my home institute, not from the site that I'm visiting). If I can't access my department account, then I fall back to using my GMail account.

However, this isn't a generic solution for two reasons.

  • A lot of sites won't allow guest machines (particularly laptops on a wireless network) to use ssh to connect to a remote system
  • I know enough technical stuff to set this up. Normal users (those most probable to have a spam sending laptop) probably wouldn't

So, has anyone got any practical suggestions on how to setup a system that allows guest machines to access their (legitimate work related) external email (and IM chat) systems from within a host network without leaving the host network open to being labelled a spam sender ?

Re:Companies can restrict outbound port 25 connect (1)

kalirion (728907) | more than 7 years ago | (#18543857)

You can argue morale issues until you are blue in the face, network security should trump that in 99% of those cases.

Easier said than done. When you consider that even the formidable Los Angeles CTU security defenses were breached by a simple remote-execution browser exploit planted on a web-page, what chances do normal businesses have?

Re:Companies can restrict outbound port 25 connect (1)

spacefight (577141) | more than 7 years ago | (#18540411)

If you leave Port 25 open as a company, you're basically asking for trouble....

Re:Companies can restrict outbound port 25 connect (1)

DrSkwid (118965) | more than 7 years ago | (#18540719)

How to make yourself look totally ignorant about the internet in one easy post.

Re:Companies can restrict outbound port 25 connect (1)

v1 (525388) | more than 7 years ago | (#18541449)

port 25 is not used to check mail, it's used to send mail. port 110 (POP3) is used to receive email and there is little or no reason for a firewall to block it. Port 25 is what the spammers are interested in because that's SMTP for sending mail.

Both companies I work for get their internet service from a provider that blocks port 25 at the head end. If you want to send mail, you must send using their SMTP server, it is the only IP address exempt from port 25 traffic. If a spambot is dim enough to try to use the victim's own SMTP server as specified in their mail account, the ISP's filters spot it in an instant since it's going through their own servers, the customer's cable modem is remotely shut down, and they get a phonecall. They won't get internet back until they have cleaned up their computer. That's how it should work everywhere. While this is not a policy here, I have heard of ISPs that go a step farther and you have to request a tech come out and install antivirus software on your machine and certify it clean before they turn your service back on. That provides a financial responsibility to not get your computer owned, since you are paying for that service call every time it happens. I have also heard of a few ISPs that drop you as a customer if you hit your 3rd offense. I have no problem with any of these policies.

Now this is minorly annoying as if I read an email on my home account when at work, and I hit reply, I have to change the SMTP address from my home server's to the internet provider's here at work or it will timeout. Though considering it's blocking 98% of the spam zombies on their networks from pumping spam, I think it's an excellent tradeoff and it doesn't bother me so much.

Re:Companies can restrict outbound port 25 connect (1)

Sparr0 (451780) | more than 7 years ago | (#18543951)

port 25 is not used to check mail, it's used to send mail. port 110 (POP3) is used to receive email and there is little or no reason for a firewall to block it. Port 25 is what the spammers are interested in because that's SMTP for sending mail.
Maybe you missed the part where I said this:
"When they send replies, their SPF/DomainKeys/Whatever-using ISP requires them to use the proper SMTP server."

Now this is minorly annoying as if I read an email on my home account when at work, and I hit reply, I have to change the SMTP address from my home server's to the internet provider's here at work or it will timeout. Though considering it's blocking 98% of the spam zombies on their networks from pumping spam, I think it's an excellent tradeoff and it doesn't bother me so much.
Changing your SMTP server like that is exactly what you SHOULDNT do in terms of proper spam solutions. SPF (usually) says you have to send your bob@isp.com emails through smtp.isp.com, not smtp.workplace.com. If workplace.com is blocking outbound port 25, shame on them.

Re:Companies can restrict outbound port 25 connect (1)

rbanffy (584143) | more than 7 years ago | (#18543099)

Believe it or not, blocking ports is a solution most would prefer to dropping their favorite (and the only one they ever knew) OS in favor of something that is not an excellent petri-dish for just about every digital disease known to man and machines.

Re:Companies can restrict outbound port 25 connect (1)

afidel (530433) | more than 7 years ago | (#18539837)

Yep, that's what I came here to say. Outbound port 25 blocking is a standard for any firewall config I do. It helped me out the one time a mail server I admin got incorrectly added to a RBL, I simply told them that my outbound 25 was restricted to the one host and asked them to run a scan on it, once it came back as not being an open relay them removed me immediately. I have never had someone give me a legitimate business reason for not restricting it, and I really can't imagine one. Contractors and consultants should be using their corporate solution, better yet they should have cellular cards so they don't have to traverse my network at all.

Re:Companies can restrict outbound port 25 connect (1)

aztracker1 (702135) | more than 7 years ago | (#18540477)

Many viruses that send out spam use the MAPI interface (Outlook & Outlook Express) to use the mail settings on the local machine... So blocking the port doesn't help nearly so much... though why they don't have outbound mail flagged if a user sends more than say 10 emails an hour on average is beyond me...

Re:Companies can restrict outbound port 25 connect (1)

siriuskase (679431) | more than 7 years ago | (#18542671)

Security, as is much of IT, is a cost center. It's hard to get authorization for hiring enough employees and equipment to do a proper job and continue to do a proper job unless you have an expensive embarrassing incident. And then, to save face, cover ass (what's the difference), management brings in an expensive outside security consultant to do a little magic and save the day. The underequipped, understaffed fulltimers will be lucky to keep their jobs.

Never attribute to malice... (0, Redundant)

UbuntuDupe (970646) | more than 7 years ago | (#18539463)

Isn't it a lot more likely that their Windows boxe(s|n) just got zombified?

Re:Never attribute to malice... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18539507)

If you're not going to RTFA, you could at least read the summary...

Re:Never attribute to malice... (0)

Anonymous Coward | more than 7 years ago | (#18540007)

If the submitter can't be bothered to write a decent headline, what good can possibly come from reading the summary?

Re:Never attribute to malice... (4, Insightful)

TopSpin (753) | more than 7 years ago | (#18539931)

Isn't it a lot more likely that their Windows boxe(s|n) just got zombified?

You're probably right; spammers are among the most aggressive attackers and most of the F1000 have large distributed networks where a (hopefully) small number of systems are going to be vulnerable at any moment. On the other hand, these companies can and do pay for high quality and high capacity pipes. They are also far less suspect as a source of spam, and the ISPs will certainly be reluctant ($$) to take unilateral action to deal with suspect traffic (as some do with their residential customers.)

For all of these reasons F1000 hosts are many times more effective as spam zombies than your average asymmetric DSL host, so I have no problem with people exposing carelessness or neglect among these companies. They have the resources and talent to prevent this sort of abuse. If they're not, a little bad press might help. Earlier today we all learned that some 40+ million credit/debit card accounts got downloaded from commercial IT systems. I wouldn't be surprised to learn that those same companies have a long history of unwittingly contributing bandwidth to spammers.

Re:Never attribute to malice... (1)

gmuslera (3436) | more than 7 years ago | (#18540017)

Im not worried about spam sent by those machines. If you assume that all those machines are not sending spam because their usual user send it on pourpose, then means that all those fortune 1000 companies have maybe a lot of people with sensible information/passwords/access regarding their internal network, with compromised PCs (that have keyloggers, bots picking orders from their master, etc).

Having botnets composed by home users with their hobby pcs is bad enough, now when that botnet have a good numbers of PCs with priviledged info/access inside is far worser.

Re:Never attribute to malice... (2, Insightful)

MooUK (905450) | more than 7 years ago | (#18541327)

Sending email by porpoise sounds like a fun idea...

Re:Never attribute to malice... (0)

Anonymous Coward | more than 7 years ago | (#18540035)

I set up an FC3 box with only ports 21,22,80,443 open on the firewall and it became an eBay phishing site in 3 weeks.
The best I could tell, a combination of brute force attacks on the ftp and ssh services let them in.
I have since used fail2ban on every linux box I setup, 5 failed login attempts = 12hr ban via iptables. For windows, I don't let it have any exposure to the public Internet (no open ports on the firewall).

Not suprising to me (1)

rhartness (993048) | more than 7 years ago | (#18539489)

Yes, I didn't read the article but I wonder if this is from in-network computers for these major companies or if it included the computers that traveling business men and women tote around. It's been my experience that the laptop users often have more freedom on their mobile computers to download and install any junk they can find. This means that they are more likely to be targets of bots that will setup this type of crap. Also, a couple of the companies that were mentioned were more tech based. I would imagine that those corporations might have a higher percent of power-users that they allow to have Admin rights on their workstations. Of course, just because your a power-user doesn't mean that you are going to take the best of care of your work box. My 2 cents.

Defense in depth. (2, Insightful)

khasim (1285) | more than 7 years ago | (#18539581)

Those are the biggest companies that should be able to afford the best security measures.

You know what? With a couple of old boxes and Linux you could setup a smaller company so that this would never happen.

Use Linux as your firewall and restrict any outbound SMTP connections to your email server.

Use Linux and Snort to monitor crap on your network.

Use Linux as your DHCP/DNS server and lock down the IP addresses by the MAC addresses. Yes, this is labour intensive. But it will allow you to keep all your regular machines on one sub-net and all other machines (laptops and such) on a different sub-net. That way you can put a few more restrictions on those machines. And a bit more monitoring.

That way you have multiple points at which you can become aware of a problem. And multiple points where an attack will fail.

Re:Defense in depth. (1)

csk_1975 (721546) | more than 7 years ago | (#18540163)

What I don't understand is why you would have outbound filtering at all for any desktop machines. Having any routes from any desktop to anywhere near the Internet is asking for trouble. Default route them to a dead end occupied by a snort box. Proxy all valid Internet traffic via servers specifically setup for this purpose. Allow those servers to have routes to the Internet or better yet to secondary proxies located in your DMZ and filter inbound and outbound connections from those servers. Have an internal DNS which forwards external resolution requests (non resolvable will do as the criteria) to a box which is simply an alarm and used for logging. Sure your better malicious code can create a back channel on port 80 via a proxy and its hard to notice, but passing a content scanner, virus scanner and IDS over proxied traffic is pretty easy, you can even do it at your leisure as it can all be cached.

I'm constantly amazed at the lack of security in big companies. They allow all sorts of direct connections from desktops to the Internet and then block innocuous stuff like VPN traffic. I woould have thought the first lesson taught in security 1H would be "routes to untrusted networks are BAD".

Big companies have more staff - not necessarily better staff.

Re:Not suprising to me (4, Informative)

Bonker (243350) | more than 7 years ago | (#18539855)

Also, frequent laptop-toting business travelers (almost universally salesmen) also have more limited access to their local IT techs.

For example, I've worked fairly frequently with a poor lady who was a salesman for a remote market. She lived there rather than near my office. Her email account got suspended at least once a week due to the fact that her laptop had syphilis, gonorrhea, warts, crabs, and just about every virus and worm known to man.

Phone walk-throughs just didn't help with this lady and the local ISP (mandated by accounting) blocked any ports that could be used to remotely administer her machine. Finally we had her fed-ex it to us for cleanup, wipe, and reinstall of a fairly-well locked down windows system with our (accountant selected) workstation antivirus app.

This cycle continued four or five times. Her Antivirus app somehow got disabled and her machine became Typhoid Mary. She shipped the Laptop back and we tried to lock it down as securely as possible.

Ultimately, we discovered that an internet cafe she frequented was infected with a particularly nasty spam-bot worm that our particular antivirus app didn't catch (An AnnaK variant, IIRC). We used this as evidence to override the accountant's selected cheapo antivirus with something that worked a little better.

Re:Not suprising to me (1)

flyingfsck (986395) | more than 7 years ago | (#18539907)

Yup - I worked at a small company where the viruses always originated from the CEO's laptop.

Re:Not suprising to me (1)

aliensporebomb (1433) | more than 7 years ago | (#18544579)

This is exactly what it is in many cases. Where I work as a Sysadmin we have
independent contractors who come and go and utilize our network. The problem
is frequently the children of these users who use the parents work machines to
do homework, surf game sites or even the adults who use it to surf gambling
and adult entertainment sites. It is their equipment but we allow it on our
network. We lock some things down, but it is still the persons personal
property. An unusual situation I admit.

maybe (2, Insightful)

mastershake_phd (1050150) | more than 7 years ago | (#18539515)

Well laws havent stopped spammers or botnets yet, maybe big companies suing them for millions (or billions) in damages will, couldn't hurt.

ExxonMobile (5, Funny)

biocute (936687) | more than 7 years ago | (#18539529)

finding stock spam being pumped from ExxonMobile

This is no spam, this is an actual stock push you insensitive clod!

ATTN: Windows/Linux refugees! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18539645)

Still looking for the "maximize" button when your Mac has "zoom" instead? Take the hint, switcheurs: If you can't deal with multiple windows at once, GTFO of our platform. The Mac wasn't designed for one-track minds.

Re:ExxonMobile (0, Offtopic)

edwardpickman (965122) | more than 7 years ago | (#18539891)

So you mean all the emails saying Global Warming is a Commie plot by gay Democrats aren't spam they are simply informative emails from ExxonMobile?

Big surprise (1, Flamebait)

cdrguru (88047) | more than 7 years ago | (#18539585)

Could it be that most users can't seem to understand that surfing to porn sites leads to malware being installed? How about clicking on random attachments leads to compromised computers?

Perhaps computers meant to be used as email appliances should really be email appliances rather than general purpose programmable (and repurposeable) computers.

The alternative to this is to figure out a way to make sure that it is impossible for users to ever install anything on their computer that will compromise it. Sounds impossible to me. Making an idiot-proof email application is just a stopgap until someone comes along with a better idiot.

Re:Big surprise (1)

Detritus (11846) | more than 7 years ago | (#18539725)

Why not just shoot all the users. We can't have the employees ruining our perfect computer network with work and stuff.

Re:Big surprise (4, Interesting)

Frogbert (589961) | more than 7 years ago | (#18539799)

This got me thinking. How many users are out there that know their computer was infected or screwed with while they were visiting a porn site, and are too afraid of getting fired (for looking at porn) to tell IT that something is wrong.

Food for thought.

Re:Big surprise (1)

glwtta (532858) | more than 7 years ago | (#18540037)

In my experience, they are fairly forthcoming in reporting malware infestations (usually "computer runs slow" is what they come to me with), and then lying through their teeth about what they've been doing to get there.

Actually, here's the complementary thought (5, Interesting)

Moraelin (679338) | more than 7 years ago | (#18540351)

This got me thinking. How many users are out there that know their computer was infected or screwed with while they were visiting a porn site, and are too afraid of getting fired (for looking at porn) to tell IT that something is wrong.

Food for thought.


Actually, here's another thought for you: how many got pwned by other means, but are affraid that some "lusers are idiots" type will blame it on porn? I've only skimmed through the thread and I already see two blanket generalizations to the effect that, respectively, (A) infections come from porn surfing, and (B) the user is lying through his teeth if he's saying otherwise.

The fact is, there are so many ways to get pwned today, it's not even funny. Email attachments, trojan programs packed as some cutesy screen server or utility you can download, phishing-like schemes where you're sent to a page chock-full of IE exploits, warez sites (tend to be worse than porn as infection risk goes), spyware serving ads with exploits in them, or rarely a genuine site or ad provider getting pwned and helping spread exploits (don't assume that _only_ spam zombies can possibly ever get installed when security is breached), etc.

Yes, you can say that they should have known better, but it's still not porn. And it sometimes comes with the endorsement, real or faked by a trojan who took over a friend's address book, of someone they know. E.g., every company has a wiseguy or two setting up some jokes mailing list and forwarding there anything he receives, indiscriminately, including links to other sites. And by indiscriminately, I mean here one even managed to forward a couple of business emails to that list.

Then there are malicious insider jobs. There are cases of sheer idiocy on the part of some techie or programmer or PHB. (You can occasionally read advice even on /. to the effect of leaving a backdoor to some client's machine so you can remotely debug it, for example. Or insecure stuff left in programs just on the assumption that noone will know it's there.) Etc.

Re:Actually, here's the complementary thought (5, Insightful)

lukas84 (912874) | more than 7 years ago | (#18541255)

The problem is, that the whole story is two sided.

It's very hard to maintain an open attitude when working in IT. Especially when you're doing Internal IT only (i mostly work for our customers, and do our internal IT as a side job).

People fuck up, and are afraid of the consequences when they fucked up - thus they will try to find something else to blame.

IT People fuck up too, and are afraid of the consequences when they fucked up - thus they try to find someone else to blame.

The consequences are that Users and IT People don't trust each other. And this is bad, very bad.

IT is something to make your users more productive, and help them to get their work done faster. A restrictive policy usually won't help you with that. My company has a very open IT policy - and i think it helps with both morale and problem resolution.

We even allow our employees to plug their own laptops into the company network. Yes, it's risky. But the problems incurred and benefits reaped are a better than properly securing this (e.G. buying 802.1x switches and segmenting clients into VLANs according to their identification).

Remember - IT is an internal service to make the company work better. IT is not an end, it's a means to achieve an end faster. You as an IT guy should think about "how do we get our employees to be more productive" and not "how do we restrict them as much as possible so that i can sit around and read dilbert all day long".

No objections (1)

Moraelin (679338) | more than 7 years ago | (#18541435)

No objections there. In fact, I wish I could mod you up, but then I've posted in this thread already. Very refreshing to see a sane attitude, in any case.

Re:Actually, here's the complementary thought (0)

Anonymous Coward | more than 7 years ago | (#18543919)

You can't have a policy that is too open, because users will take advantage of it. It's sad for those who behave, but the few bad can easily outweigh the majority good.

I'll give you one of the many many examples that i've seen with my own eyes:

When i came to work for my company, everything was wide open security-wise. The firewall wasn't set up very well... so there were users using peer to peer apps and killing bandwidth on a regular basis. I sent emails to everyone warning them that such programs were killing our bandwidth and was affecting all of our remote offices (and it was, in a bad way). Maybe one user listened. I then started telling them face to face, and disabling it on their machines while i kindly explained the problem it was causing for others.

9/10 users reinstalled the bad app or similar.

After wasting countless hours with this sort of thing (when there were much much bigger fish to fry), and being shorthanded, it was time to start locking things down. Some users were demoted to users on their local machines. The firewall was set up to block everything but needed services.

I waited a long time and tried to be nice... too nice, obviously, because most of the troublemakers stayed troublemakers.

IT has to be harsh to function in any normal company, otherwise time is wasted for everybody, productivity goes down, etc. If people were more responsible, it wouldn't have to be this way, but that's human nature (at least in the USA).

Re:Actually, here's the complementary thought (1)

lukas84 (912874) | more than 7 years ago | (#18544183)

It depends. I work in a Small Business, and for Small Businesses. With a maximum of 50 people in a company, you know everyone. Things might be different in a big company, when you're no longer "Joe Smith from the IT Dept." but instead "Employee #0815".

I never had issues with file sharing programs.

I did have a bandwidth hogging issue though, with Zattoo [zattoo.com] (a legal P2P TV application). During major sport events, our internet broke down. I sent an email that zattoo shouldn't be used by multiple people at once, and instead they should listen to these events by radio, or watch it in the conference room.

Issue resolved.

Oh, and you think productivity breaks down when people are watching a sports event? It does for a moment, but most of them will catch up on it on the same day. Not everyone.

I don't know about big corporations, but in a small business, you need to trust every employee you have. That doesn't mean leaving the admin passwort to "1234", but it means to only implement measures which are necessary.

As a side effect, when other people in the company trust you, they will come and ask you for advice. This is usually before they fuck up.

An issue i encountered often is:
"I need program x to do z, but i'm not allowed to buy it".

Under normal circumstances, people might've looked for a warez copy of it, and instead finding viruses or spyware.

In this case, you usually have two ways to go

"Theres the alternative solution y, which is open source, i can install it for you"

"I don't think that theres another program than x that can do this, i will talk to your superior"

Employees are people too. If you let them waste maybe 10 hours in a year watching important sports events, they're happier. And happy people work better.

Re:Big surprise (1)

flyingfsck (986395) | more than 7 years ago | (#18539847)

I can click on anything using any of my computers and I don't get infected with crapware. This is how it should be. You cannot blame the users for the idiotic security flaws of rotten computer systems.

Make them pay! (2, Interesting)

Tijaska (740114) | more than 7 years ago | (#18539709)

If corporates host boxes that pump out spam, sue them! Their firewalls shouldn't allow emails to flow out of their networks except from one of their approved mail gateways, which should require user authentication before accepting mail, and which should apply reasonable limits like 300 emails sent per source IP address per day, except for the corporate's own spam machine (a.k.a. marketing). Corporates should be held accountable for choosing cheesy software that allows viruses to take over their boxes, and for failing to protect them with their own firewalls, to the extent that this is possible with cheesy software. Let's share the pain, and over time it will percolate back to the prime source of cheesy software.

Re:Make them pay! (1)

Net_fiend (811742) | more than 7 years ago | (#18539761)

Seems to me if they had SPF and turned off relaying non of this should have happened. But again that assumes all the mail is going thru their system and not some temp tiny mail server that was dropped in by a trojan/worm etc. Those (I believe) create their own server which in essence would bypass any sort of mail server they have setup. But still it is going thru a router somewhere...so they should have packet shaping setup or some other routing protocol that slows that particular connection if its utilizing a lot of bandwidth. Apparently someone's degree at those businesses means jack otherwise they would be making sure there are no compromised machines. Then again...no one is perfect nor is any business perfect. You will get compromised machines here and there from time to time. One policy that should never be laxed though, but often times is, is security. Why? Because of office politics and the idiots who are managers who don't know or want to know jack about software/IT or anything in between that make IT pros lives a miserable hell.

Re:Make them pay! (0, Flamebait)

Achromatic1978 (916097) | more than 7 years ago | (#18539771)

I'm sorry, who the fuck died and made you arbiter of what was a "reasonable limit" of email that I should be allowed to send?

Re:Make them pay! (1)

flyingfsck (986395) | more than 7 years ago | (#18539925)

Yup - with a helluvalot of effort, even Windoze can be made secure. Here is the manual:
http://www.microsoft.com/downloads/details.aspx?Fa milyID=d39d0028-7093-495c-80da-2b5b29a54bd8&Displa yLang=en [microsoft.com]

If you do it right once, then ghost it, you can make as many secure PCs as you need.

Admins who don't secure corporate PCs are just lazy, stupid or both...

Little problem.. (1)

cheros (223479) | more than 7 years ago | (#18540197)

Admins who don't secure corporate PCs are just lazy, stupid or both...
 
You're assuming two things here which aren't always true in corporate life:
 
1. Admins have control over all the machines on their network. That's a good theory, but even in the story above you'll find the problem to be unauthorised connections. In well managed setups that won't happen often, but it only takes one idiot to make a mess. Worse, sometimes you have an embedded system that is overlooked. Photocopiers, phone switchboards, they too have operating systems but the supplier doesn't always allow access to it as it's sold and maintained as a black box.
 
2. All updates can be applied immediately. Securing systems once doesn't help when the next problem comes along (with Windows, that safe timespan hovers somewhere between a few hours and a day max), but not all updates are very good for build stability. And in some cases, accreditation gets in teh way too. I have worked on Process Control systems (I'm actually at the root of a lot of teh Process Control security in a major oil company) and getting the manufacturers to agree to something like installing a simple anti-virus product is hard work (not in the least because such a beast can have a real impact on realtime performance).
 
Having said that, anyone jacking a laptop in without permission ought to get thrown out ASAP (it could also be considered a breach of, for instance, the UK Computer Misuse Act).

I guess (2, Funny)

iminplaya (723125) | more than 7 years ago | (#18539719)

As long as it wasn't the computer controlling the inanimate carbon rod, we should all be okay, right?

That night in Holland (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18539909)

Rob Malda was tired, very tired. He had been getting little sleep lately, dividing his time between homosexually assaulting hairless young man-boys in his converted arcade game shell [trollaxor.com] , fretting over the state of his LNUX stock, and drinking Jolly Rancher shooters with Hemos. But most of all, he was worried about what to do with Eric Raymond, who had spent the last eight hours trying to convince him to sell out a small part of his degenerate website [slashdot.org] to Intel. After eight hours, the discussion had settled into a predictable pattern:

"The only way to promote Open Source is through the support of America's corporate empires! We must join with them!" foamed Raymond, his beady eyes piercing into Rob's exhausted head.

"But won't that mean giving up our ideals of independent investigative jouralism and such? Did I put up with Jon Katz for nothing?!" squeaked Rob

Around and around it went. Finally, when it was past 2am, Rob suggested they both have a drink and change the subject, if only for awhile. Eric agreed, and they opened the bottle of Jägermeister he had brought with him, each of them taking swigs in turn. Before long, the bottle was empty and Eric was weeping.

"I'm poor!" he cried. "I'm destitute!"

"What do you mean?" Rob slurred

"I spent the last of my money on new LNUX shares, hoping they would turn around. Now, I'm so poor I can't even hire a transvestite to strip for me! I'm as poor as an ethnic minority!" the skinny hacker burbled, his mustache filling with mucus.

Rob felt pity on the red-haired defender of the 2nd amendment. Promising to relent on the Intel issue - even though that would only feed Eric's expensive sex-and-alcohol habits for a few weeks - he then told him he had a surprise for him.

Rob held Eric by the hand, and brought him across the room to his converted arcade-game shell which imprisoned a fearful hairless man-boy. The elder hacker's skinny penis slowly remembered its purpose and, with a grateful smile, Eric let go of Rob's hand, disrobed, and homosexually assaulted Rob's in-office sex slave.

These same guys INVENTED spam.. (3, Insightful)

burnitdown (1076427) | more than 7 years ago | (#18540093)

In the old days, they used to mail it to you. Yeah, on paper. And then you had to throw it out, and 800 billion tons of it are rotting in a landfill somewhere. The Fortune 1000 contains some of the people least concerned about the environment, or your spam-free virgin mailbox.

Reminds me of when I first started my current job, (5, Interesting)

BurningFeetMan (991589) | more than 7 years ago | (#18540123)

The PC hadn't been turned on in about 6 months. Apparently the dude who I was replacing was into Russian brides and err, certain types of ethnic pr0n, and had got the sack for various dodgy reasons 6 months prior to my instalment. Anywho, in the 6 months that this computer was un-manned, my company installed Norton across all other PC's.

My 2nd day was interesting, when I first turned on the computer. EVERYONE who had the Norton running detected all sorts of network worms and virusiis's (:P) the second I'd booted into Win XP. I thought,
"Oh crap, here we go. Time to clean up this mess..."
and began a search for *.jpg. Kapow, tonnes of hairy pr0n, selected all and shift deleted.

Next, it was time to install the company antivirus software, which was Norton. The next couple of days were spent trying to free my infected system of all sorts of goodies. I started by enabling the Norton Mail Monitor, and oh my, how funny!

"Scanning out going mail, Scanning out go-Scanning out going mai-Scaning out g-Scan"

The WHOLE screen filled up with Norton "scanning out going mail" boxes, like, 100's of them. This was my first job outside of the IT industry, and a big WELCOME TO THE REAL WORLD for me. So yes, what's the point of my story? Well, Russian brides are hairy. OH, and not all companies have IT departments, let alone competent IT staff who can source and cease zombie machines from operating.

Re:Reminds me of when I first started my current j (1)

David Off (101038) | more than 7 years ago | (#18540501)

Why didn't anyone pick up his PC was spewing viri etc when he was still using it? I don't understand why they didn't just ghost his machine like most companies do? After all there can't have been much worth saving if the m/c hadn't been turned on in weeks. I also think this "surfing dodgy sites" == "malware" is a bit overplayed. First of all a good proxy could block a lot of this stuff, such as executing certain types of Javascript and secondly unless someone is installing stuff by clicking on pop-ups or whatever the sites would have to rely on browser exploits which is less straightforward.

Re:Reminds me of when I first started my current j (1)

powerlord (28156) | more than 7 years ago | (#18542205)

Well ... the GP did mention that they in the previous 6 weeks they had installed anti-virus software company wide, so perhaps they knew they had a problem, but couldn't track it down since his computer was off (and they might not have had an on-site tech support department, according to his email).

I bet most companies under 30 employees don't have a dedicated IT person, just someone who's job got made to include IT (if even that).

9 times out of 10, they either get consultants to cover the stuff they can't handle "in-house", or else they do without. For those people, it just doesn't pay to have an IT person who would have tracked this down and nipped it in the bud, and if you have to call a consultant that you pay by the hour (probably a high $$$ amount), then if you think the problem went away (the computer was off and everyone was using anti-virus software), you might not have thought you needed to call it an expert.

Re:Reminds me of...my old .com job (0)

Anonymous Coward | more than 7 years ago | (#18540607)

I am reminded of my days at a certain large dot com company. (They still exist today and most people have always hated this particular company.) Anyway, the IT department required that all Windows boxes run antivirus software and that we never ever enable file sharing. (Which made my job interesting as I was developing software that made use of file shares!) Anyway, I constantly got notifications that such and such virus had attempted to infect one of my test machines. Occasionally I would get curious and look at where the attempted infection came from ... my favorite source being a distribution machine (you know, the machines clients download software from) nice! The IT department was very much loosing the war.

But I think my absolute favorite was the time the senior developer clicked on the infamous "AnnaKournikova.jpg.pif" email attachment which pretty well hosed his dev box. I still to this day have difficulty believing that a "smart guy" would do something so foolish. (In truth, I never thought he was that smart but he had the right attitude / company management liked him. You know how it is.)

Re:Reminds me of when I first started my current j (1)

jimicus (737525) | more than 7 years ago | (#18541351)

Wouldn't it have been quicker (not to mention more secure) just to rebuild the box?

At least that way there's no niggling question lurking in the back of your mind "Have we got everything? Or is there still some random trojan on there?"

Re:Reminds me of when I first started my current j (1)

BurningFeetMan (991589) | more than 7 years ago | (#18541599)

Of course it would have, but second day on the job, I didn't know what was what... not to mention literally "no" IT deptarment insite. It turned out that that computer in particular stored about 6 years worth of very very VERY important data, so lucky I didn't format the thing, etc. >_
There are still thousands of companies out there in manufacturing and mining industries that have been doing what they've been doing for the past 50-100 years. For such workplaces, a lot of them wing it when it comes to IT and security, as the companies them selves still remember 10 years ago, before computers exsited in their workplace.

(contractor at one of its power generator plants) (2, Funny)

colfer (619105) | more than 7 years ago | (#18540141)

D'oh!

Good bye erection dysfunction (4, Funny)

RealityNews (1080601) | more than 7 years ago | (#18540159)

The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks.
So I will finally be able to get viagra from reliable Internet sources? God bless you, capitalism!

Corrupt [corrupt.org]

Maybe it's time (1, Interesting)

dreamchaser (49529) | more than 7 years ago | (#18540263)

Maybe it's time for individuals and corporations to be held libel for what their computers spew. Got a botnet sending phishing emails from your business? Boom, big fine. Got an infected home machine sending out spam? Boom, a somewhat smaller fine.

Re:Maybe it's time (0)

Anonymous Coward | more than 7 years ago | (#18540317)

User spewing stupid ideas on slashdot? Boom! Biggest fine. I access paypal, dreamchaser.

Re:Maybe it's time (1)

enharmonix (988983) | more than 7 years ago | (#18542553)

Maybe it's time for individuals and corporations to be held libel for what their computers spew. Got a botnet sending phishing emails from your business? Boom, big fine. Got an infected home machine sending out spam? Boom, a somewhat smaller fine.

That would be awful. When somebody gets shot with a stolen gun, you don't go after the person the gun was stolen from; you go after the person who actually did the shooting. Same thing - you need to go after the people causing the infections.

The infection rate in my company's machines is about 1/3rd the national average, but it's still as many as 50 infections a year. How much was that fine? Because I don't know that we could afford it. And of the infections I handle, most of them are by kiddiez running metasploit, not by users surfing porn.

Re:Maybe it's time (1)

radtea (464814) | more than 7 years ago | (#18543301)

Maybe it's time for individuals and corporations to be held libel for what their computers spew. Got a botnet sending phishing emails from your business? Boom, big fine.

Sure, because look at how well putative penalties for other crimes have worked at reducing the crime rate.

For example North Dakota has one of the lowest homicide rates in the U.S., and no death penalty, ever. Texas has amongst the highest homicide rates, and the death penalty not only exists, it is fairly routinely applied.

Anyone who was serious about reducing homicide in Texas would look at this and say, "How can we make Texas more like North Dakota?" Unfortunately, we live in a world full of self-aggrandizing, arrogant, power-hungry blow-hards, who are far more likely to conclude, "We aren't killing enough Texans. Boom!"

Is the corporation centralized? (2, Insightful)

br00tus (528477) | more than 7 years ago | (#18540355)

It is easy for me to see this for a number of reasons.

1 - Is the entire corporation's IT department centralized? HP is a F1000 company - is HP and Compaq's computer networks fully merged? Or for Citigroup, is the old Citicorp network fully merged with the Travelers network? Or were Travelers Salomon Brothers and Smith Barney networks merged before that? And so forth. Wal-Mart's corporate network is probably standardized, but a lot of companies are the resut of many mergers over the years. Or some companies are just of a type where different divisions are very different so there is no or not much centralized corporate IT.

2 - Does the corporation have a global network? Global multi-national corporations have computers all over the world, and it can be hard to have a standard network in New York, Tokyo and London (etc.) New York and Tokyo may be solid, but London may be open to problems etc.

Re:Is the corporation centralized? (1)

Vulva R. Thompson, P (1060828) | more than 7 years ago | (#18542049)

Interesting point. I used a unique email address for years with VMWare without a single piece of spam. After EMC bought them a few years ago, within a couple months it was getting hit with 2-3 pieces a day. Never gave it much thought beyond filtering it.

Which brings up the point, pure speculation but it would seem that valid lists are becoming more valuable. The public's general awareness to not leave their address lying around has probably hurt the scrapers to some degree. Along with the rise of sneakemail and other remailers. If a company is being bought out, nowadays it might be worth the risk to fob the mailing list and make a mortgage payment out of it.

Then again, there's probably enough supply from the address book hijackers based on the number of botted machines in existence. Just ask my three Windows-enabled neighbors; doesn't take long after I give them a (unique) address that there's stock spam showing up in my inbox.

When I grow up (1)

Coraon (1080675) | more than 7 years ago | (#18543479)

Can I be hacker for a fortunie 500 company? Thank of the glamor (none) the babes (less then none) the sexy parties (ok mabye a few of those if your room mate is cool)

Interesting.... (1)

aliensporebomb (1433) | more than 7 years ago | (#18544705)

It's an interesting topic because with todays work environment potentially being
in many different locations (I'm literally in a different office every day of the
work week) and people being allowed to have their own equipment on the network
with only Symantec corporate edition between them and the network it's a strange
experiment. The vast majority of infections I see coming onto our network is
from people surfing....unsavory sites....from home in their off hours.

But I wonder if this particular revelation will lead to interesting lawsuits
against the large corporations from those who dislike spam leading to increased
vigilance of the IT groups of those companies (firewalled subnet for guest
contractors or others who bring their own equipment onto the network).

Food for thought.

Mod title -1 Troll (1)

rubmytummy (677080) | more than 7 years ago | (#18545623)

or something. TFAs are about security failures at large companies, not (as the title implies) companies voluntarily originating malicious e-mail.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?