Bots Found Inside Many Big Companies


Support Intelligence, a network security company in San Francisco, is running "30 Days of Bots," a project that posts the names of big companies whose networks have been infected with spam-spewing bots.

Since March 28, the list has identified more than a dozen corporations, including 3M, Aflac, AIG, Bank of America, Conseco and Thomson Financial.

Not all companies returned calls to Baseline, but the ones named above said they have found and stopped the spam. AIG, Aflac and Bank of America added that customer information wasn't compromised; Bank of America said financial information wasn't either.

Bots, short for robots, are PCs that have been infected with a piece of malware that forces them to take orders from a hacker. Baseline wrote about bots here.

Support Intelligence analyzes data on Internet traffic from over 100 sources, including spamtraps, which use secret, invalid e-mail addresses to attract spam, and blacklists of known sources of spam.

Its system is entirely passive, says chief operating officer Adam Waters. "We just sit back and see what people send us, unrequested." Support Intelligence stumbled on spam-generating Internet Protocol addresses belonging to companies while analyzing security issues for ISPs.

Waters was shocked to find spam emanating from "secure" corporate networks along with home users, he says, because if a PC is pumping out e-mail offers for drugs and penny stocks, it's usually infected with a bot, which could also be tracking keystrokes, mining for data, sending out corporate documents and performing other mischief.

For the last year Waters and Support Intelligence CEO Rick Wesson called companies they found spamming, Waters says. But in big companies they had trouble connecting with people who had authority to clean up the networks. Waters thinks corporate upper management--CIO level and above--still doesn't appreciate the dangers of bots. "We'd talk to mid-level security people who understood botnets but had no buy-in from the CIO," he says. "Or the CEO had never heard about it."

So they decided after "much soul searching" to name offending companies. Their goal is to clean up the Internet, not embarrass people or make money, although Support Intelligence has gained some new business. But most companies are grateful to be told they have a problem, Waters says.

Still, some companies appear to have good security, and Support Intelligence would like to know more about how they do it. Charles Schwab's PCs have never sent spam, at least not since Support Intelligence started tracking it. Defense contractors and national labs also tend to be clean, which Waters finds comforting.