
Charles on… anything that comes along

Friday 26 November 2004

Filed under: — Charles @ 3:22 pm

Would you trust a “managed solutions” company that allows a compromised PC in its control to send spam?

Ho hum, another comment spam storm is going on while you read this (all, hopefully, getting blocked).

One of the Trojan-compromised PCs being used to do this is at the IP address 195.245.247.155, and has been used since at least November 14 to try to post to this blog about online poker.

Who owns that PC? According to the RIPE lookup, it’s BIS Ltd - www.bis-internet.co.uk, which says of itself that it established its reputation as a supplier of high performance Enterprise Infrastructure solutions to major corporate players in insurance, financial, legal and media business communities. It seems to be looking after this IP block for Mindshareworld, if I’m reading the RIPE data correctly.

I contacted them a day or two ago about this spam, suggesting they should lock down that PC, as it might also be being used for anything, since it’s clearly being used to send stuff out over the Web to my blog. Perhaps the login details of the person using it are going to online-poker too? Or their banking details?

No response from them, and the spam continues. So I’ll do as I said I would, and name them here. Hello, BIS people! You’ve got a PC on the network you manage that you aren’t controlling! Care to do something now?

Update Weds Dec 1: Turns out BIS is the ISP and Mindshareworld (or Mindshare) is the offending company, which is running a completely open proxy that spammers are bouncing their junk off. What does Mindshare do? They’re an advertising/PR/etc company. I suggested they might like to become better internet citizens by closing down their machine there, or at least securing it.

5 Responses to “Would you trust a “managed solutions” company that allows a compromised PC in its control to send spam?”

  1. Michael Pollitt Says:

    When the owner finds out that I just used their insecure system to post this comment to your blog, they might want to do something about it! I’ve e-mailed you all the technical details, Charles. Now, how about a quick game of ….

  2. Charles Says:

    OK, I’ve just today (Weds 1st Dec) spoken to BIS Internet, who say it’s down to their client Mindshareworld to shut down this machine. It is listed as an open proxy all over the Web. Basically, you can use it to post anything web-style to anywhere.

    BIS Internet’s man says he’s going to make it a priority internally to get the customer to tackle this machine. Well, here’s hoping. I still feel BIS Internet could wave a larger stick over a client whose machines are being used to spam the Web, but let’s see…

  3. Michael Pollitt Says:

    I just checked, it’s still insecure and happily let me browse away and post this comment. Anyone want a bet on how long it takes them to secure it?

  4. Michael Pollitt Says:

    Guess what Charles, that proxy now looks secure. I checked it three times. Well done Mindshareworld. But there are many, many more insecure machines in other places. Are you still being spammed?

  5. Charles Says:

    The attempts at comment-spamming continue as regular as the drip of rain - but not from that machine. Phew.
