Bots Found Inside Many Big Companies


Support Intelligence, a network security company in San Francisco, is running "30 Days of Bots," a project that posts the names of big companies whose networks have been infected with spam-spewing bots.

Since March 28, the list identified more than a dozen corporations, including 3M, Aflac, AIG, Bank of America, Conseco and Thomson Financial.

Not all companies returned calls to Baseline, but the ones named above said they have found and stopped the spam. AIG, Aflac and Bank of America added that customer information wasn't compromised; Bank of America said financial information wasn't either.

Bots, short for robots, are PCs which have been infected with a piece of malware that forces them to take orders from a hacker. Baseline wrote about bots here.

Support Intelligence analyzes data on Internet traffic from over 100 sources, including spamtraps, which use secret, invalid e-mail addresses to attract spam, and blacklists of known sources of spam.

Its system is entirely passive, says chief operating officer Adam Waters. "We just sit back and see what people send us, unrequested." It stumbled on spam-generating Internet Protocol addresses from companies while analyzing security issues for ISPs.
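A minimal sketch of the passive approach described above, added here as an illustration and not Support Intelligence's own code: it counts mail delivered to spamtrap addresses per source IP and attributes each IP to the organization whose netblock contains it. The log format, trap addresses, netblocks and organization names are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed spamtrap addresses: never used for real mail, so anything
# delivered to them was unrequested.
SPAMTRAPS = {"trap1@example.net", "trap2@example.net"}
# Constructed netblock registry (RFC 5737 documentation ranges).
NETBLOCKS = {
    "ExampleCorp": ipaddress.ip_network("192.0.2.0/24"),
    "ExampleBank": ipaddress.ip_network("198.51.100.0/25"),
}
# Constructed log format: "<timestamp> relay=<ip> to=<recipient>"
LINE_RE = re.compile(r"relay=(?P<ip>\S+)\s+to=<?(?P<rcpt>[^>\s]+)>?")

def owner_of(ip):
    """Return the organization whose netblock contains ip, or None."""
    for org, net in NETBLOCKS.items():
        if ip in net:
            return org
    return None

def spamtrap_hits(lines, min_hits=2):
    """Map organization -> {source IP: hits} for IPs that reached a
    spamtrap at least min_hits times. Malformed lines are skipped."""
    per_ip = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["rcpt"].lower() not in SPAMTRAPS:
            continue  # not a delivery to a trap address
        try:
            per_ip[ipaddress.ip_address(m["ip"])] += 1
        except ValueError:
            continue  # relay field was not a valid IP address
    report = defaultdict(dict)
    for ip, hits in per_ip.items():
        org = owner_of(ip)
        if org and hits >= min_hits:
            report[org][str(ip)] = hits
    return dict(report)

SAMPLE_LOG = [  # constructed log lines
    "2007-04-02T10:00:01 relay=192.0.2.15 to=<trap1@example.net>",
    "2007-04-02T10:00:09 relay=192.0.2.15 to=<trap2@example.net>",
    "2007-04-02T10:01:30 relay=192.0.2.15 to=<user@example.org>",
    "2007-04-02T10:02:11 relay=198.51.100.200 to=<trap1@example.net>",
    "2007-04-02T10:02:12 relay=198.51.100.200 to=<trap1@example.net>",
    "2007-04-02T10:03:40 relay=198.51.100.7 to=<trap2@example.net>",
    "2007-04-02T10:04:00 relay=unknown to=<trap1@example.net>",
]
```

The `min_hits` threshold keeps a single stray delivery from naming an organization; as the article's commenters point out, an empty report only means no spam was observed, not that a network is free of bots.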

Waters was shocked to find spam emanating from "secure" corporate networks along with home users, he says, because if a PC is pumping out e-mail offers for drugs and penny stocks, it's usually infected with a bot, which could also be tracking keystrokes, mining for data, sending out corporate documents and performing other mischief.

For the last year Waters and Support Intelligence CEO Rick Wesson called companies they found spamming, Waters says. But in big companies they had trouble connecting with people who had authority to clean up the networks. Waters thinks corporate upper management--CIO level and above--still doesn't appreciate the dangers of bots. "We'd talk to mid-level security people who understood botnets but had no buy-in from the CIO," he says. "Or the CEO had never heard about it."

So they decided after "much soul searching" to name offending companies. Their goal is to clean up the Internet, not embarrass people or make money, although Support Intelligence has gained some new business. But most companies are grateful to be told they have a problem, Waters says.

Still, some companies appear to have good security, and Support Intelligence would like to know more about how they do it. Charles Schwab's PCs have never sent spam, at least not since Support Intelligence started tracking it. Defense contractors and national labs also tend to be clean, which Waters finds comforting.


6 Comments for "Bots Found Inside Many Big Companies"

  • Mark Holman May 22, 2007 7:01 pm

    What this is really telling everyone is that it's a good time to review the software that your employer has purchased, the Firewall System, and other security packages. This should also tell you that if your system has holes like Swiss cheese, then someone had better be closing off PORTS. While I am on my SOAP BOX, check your WI-FI connections as well. War Driving has revealed open sites; you might as well hang a key to the back door with a bright orange tag that says KEY TO REAR DOOR. Don't be one of those companies we will read about in the future, and the head board people will be on a head hunt. Also explain to the money man the numbers of projected losses if they do not invest the time & money, and explain it's smart business sense; you may win a better deal come to reviews for raises?? (I just got off the soap box and Thank You!)

  • Mary Roberson May 15, 2007 12:54 am

    I find this report very disturbing, not to mention the response from the Companies involved!

  • Keith Stevens May 02, 2007 4:51 pm

    We send out hundreds of abuse reports daily to ISPs, schools, and companies large and small. We have a special bot-net detection program we use called sendmail. We use some log file scanning and abuse reporting scripts along with a constantly changing abuse address database and have built a relatively sophisticated if not effective bot-net detection and notification tool. Building and running this tool has led to us blackholing huge numbers of networks, mostly overseas, but also here in the US we have networks that do not play well with others.

  • Bob Harris May 02, 2007 12:58 pm

    Deborah, Waters' conclusion that some companies are 'clean' is fantasy! Just because they have not seen them sending spam in the past 30 days *doesn't* mean that Schwab, defense contractors, nat'l labs, etc. are 'clean'. There are many more (dangerous) uses of bots and botnets than sending spam. Bob

  • Sam May 02, 2007 12:11 pm

    The fact that Bank of America had the problem, isn't that like a violation of some federal law somewhere? I mean they are a financial institution and I would hope our government would hold them up to a higher standard and make them accountable.
