SI on the BBC

This week we've got a double-header for you - first read about Support Intelligence on BBC News, then read about the security issues at the BBC we've observed.
The article, written by Mark Ward, highlights the message we've been bringing home in this blog - Corporations have a Bot Problem. The article relies on us as well as Tim Eades of the security firm Sana, and Alex Raistrick of Con Sentry in outlining the problem with infected PCs. All in all it should be familiar stuff to the readers of this blog, but we're happy to see the message continuing to echo farther and farther afield.
The next best thing about our conversation with Mark Ward was the opportunity it afforded us to tell someone at the BBC about the security problems on their network. And I must say, they took it quite in stride. Fortunately the problems were fairly benign.
We began tracking the BBC in late February and started receiving spam from them almost immediately, on a nearly daily basis for several months in a row. All the spam flowed through 212.58.224.18, mail0.thdo.bbc.co.uk, which is the same mail server that provides the "Email a friend" facility on the BBC's main website http://www.bbc.co.uk. This is a different mail server from the one that outbound BBC employee mail comes from, or that delivers Radio 4 newsletters and such.
All the spam showed Received headers from the internal-facing addresses of BBC webservers, such as www3-mgt.thny.bbc.co.uk - 192.168.208.33 and www15-mgt.thdo.bbc.co.uk - 192.168.201.115.
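The header analysis described above can be automated. The following is an added example, not code from the original post: it walks a message's Received chain and reports the hop where a private (RFC 1918) host handed mail to the known outbound relay. The sample message is constructed; only the two hostnames and addresses quoted in the post are real, and the function names are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample, trimmed to the fields the parser reads. The two
# hostnames/addresses are the ones quoted in the post; the rest is made up.
SAMPLE = """\
Received: from mail0.thdo.bbc.co.uk (mail0.thdo.bbc.co.uk [212.58.224.18])
\tby mx.example.net with ESMTP id CONSTRUCTED-1
Received: from www3-mgt.thny.bbc.co.uk ([192.168.208.33])
\tby mail0.thdo.bbc.co.uk with ESMTP id CONSTRUCTED-2
From: "A Friend" <friend@example.com>
Subject: constructed sample

body
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)",
    re.I | re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return Received hops oldest-first as dicts with helo, ip and by."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if not m:
            continue  # skip Received lines without a from/by pair
        ip = IP_RE.search(m.group("paren") or "")
        hops.append({"helo": m.group("helo"),
                     "ip": ip.group(1) if ip else None,
                     "by": m.group("by")})
    return hops[::-1]  # headers are prepended, so reverse for oldest-first

def internal_origin(raw, relay_ip):
    """Return the hop where a private-address host handed mail to the relay.

    Only the header written by the relay itself is considered; anything
    older than that hop could have been forged by the sender.
    """
    hops = parse_hops(raw)
    relay_names = {h["helo"].lower() for h in hops if h["ip"] == relay_ip}
    for h in hops:
        if (h["ip"] and h["by"].lower() in relay_names
                and ipaddress.ip_address(h["ip"]).is_private):
            return h
    return None
```
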
Were these bots at work on the BBC network? Possibly. A much more likely explanation, however, is that the spammers identified an insecure script on one or two of their webservers that allowed them to proxy mail. Possibly a cross-site scripting vulnerability or SQL injection attack.
Whatever the case, the good news is the BBC folks apparently nabbed it - all malicious activity stopped dead on the 23rd of May, prior, in fact, to our notification. Hats off to the BBC security team for plugging the hole and stopping their flow of spam.
See - sometimes these stories do have a happy ending.



