NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0133 Spam Sending Bots on US Military Networks:

Security researchers from Support Intelligence have traced spam-sending botnet clients back to networks run by the US military. Rick Wesson, chief exec of Support Intelligence, said the firm's honeynet system has received spam from an IP address owned by Randolph Air Force Base. The company has also observed bots - running IP addresses owned by the Directorate of Information Management - trying to connect to botnet command and control servers, evidence that PCs run by the directorate have become spam proxies under the control of hackers.

Most security experts associate malware-infected PCs that form the zombie components of botnet networks with careless consumers. Previous research on honeynets by the firm revealed that the networks of at least 28 Fortune 1000 companies contained malware-infected spam-sending PCs.

The misuse of US military networks by spammers and others is infrequently reported, but goes back some years. In August 2004, the Register reported how blog comment spams promoting illegal sites were sent through compromised machines associated with unclassified US military networks. Spam was posted on a web log that was set up to discuss the ID cards Bill via an open proxy at the gateway of an unclassified military network, according to the report.

(www.theregister.co.uk 16APR07)

Last Modified: Friday, 20-Apr-2007 20:05:54 EDT