30 Days of Bots

We had 30 days of Windows vulnerabilities, 30 days of Apple vulnerabilities and now we have "30 days of bots". Support Intelligence, a security firm, has said they will "out" Fortune 1000 companies that have spam bots on their internal networks in what they call "30 Days of Bots".

They’ve mentioned companies such as 3M, AIG, Bank of America, and Nationwide Insurance among others. Not all are completely bad, such as BofA which had several occurrences but where quickly plugged. It’s been over thirty days since they started, there’s less than a dozen companies listed since they started March 26th.

Support Intelligence provides security monitoring services to companies so it’s intended to bring them publicity (which I’m giving them). Int some cases they mention that the breach seems to be isolated mail systems and the spam probably originated from outside the corporate network so data wasn’t compromised, but they claimed some companies had bots running internally. A corporate network with bots loose internally could compromise data which would be a concern.

Even though I’m writing about it, I think the "30 days of…" stuff is worn out and I’m not sure that this actually adds anything to the spam fight besides trying to embarrass companies into better securing their networks. Although anything to better secure networks is a good thing.