Spammers have found ways to infiltrate some of the largest corporate networks in the world, and convert at least some of their computers into automatic spam generators.
San Francisco-based Support Intelligence, an 18-month-old firm that specializes in analyzing public Internet traffic data, says it has identified more than 500 Fortune 1000 companies that have been infiltrated and are sending out spam. In an effort to highlight the scope of this problem, Support Intelligence has been releasing the names of these companies on its blog, one at a time, along with the data used to identify them. Companies discussed so far include Bank of America, Toshiba, 3M, AIG, Clear Channel, and Affiliated Computer Services (No. 22 on the 2006 VARBusiness 500).
Companies not yet discussed, but on the lineup for the near future, include Toyota, Rockwell Scientific and Sara Lee.
One of the primary reasons that spam is such an enormous problem is that many spammers have gotten very good at covering their tracks, making it very difficult to trace the offending e-mail to its original source. They do this by using viruses and worms to infect computers all over the Internet, each of which installs an application known as a "bot" on any computer it infects. The spammer can then use bots to send spam from any or all of the infected computers. If others begin receiving spam messages that originate inside a corporate network, therefore, it strongly suggests that a computer inside that network has been infected.
According to Support Intelligence CEO Rick Wesson, the purpose of this excercise is to raise both public and corporate awareness. "Big companies sometimes tend to see this as a David and Goliath situation, where they're Goliath, with some teenage hacker trying to get in," he said. "They really should turn that on its head; how big is their security staff compared to everyone out there writing malware?"
"We're not pointing a finger at anyone," adds Adam Waters, Support Intelligence's chief of operations. "These people have been swept up in an epidemic; they're the victim of a crime, not the perpetrator. The only realistic way to approach this sort of problem right now is to expect that you'll be hacked, and know what to do once you are."
Most of the companies named have been reluctant to comment, though some acknowledged their security has been compromised.
"The problems were caused by malware that was able to bypass our normal security and infect some systems," notes Thompson Financial spokesman Joe Christinat. "Thompson took action to correct the problem and prevent any recurrence."
"We had a small problem, which has since been fixed," says 3M spokeswoman Donna Fleming. "We were never a major source of spam. There were a few issues with some systems that we had taken over as part of acquisitions."
Wesson notes that the news is not all bad. Support Intelligence also maintains a list of major companies that have never been identified as sources of spam, including Charles Schwab, Ford, Family Dollar Stores, Eastman Chemical and DuPont.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
