The infection left the business with intermittent email for two days. The business became a major source of spam, with its email gateway forwarding tens of thousands of spam emails purporting to be from a Spanish bank.
Proofpoint provided a solution called a Messaging Security Gateway appliance to remove spam from outbound and inbound email, ensuring its systems remain operational 24 x 7.
“Email is our key communications tool,” said Tom Lineen, Sydney-based IT manager for The Leading Edge, which employs over 100 staff in Sydney, Melbourne, Singapore and London.
“We rely on email for all aspects of our work, from selling our services and setting up contracts to client communications.
“When email is down, people are very unhappy. We work on highly critical timeframes for some of our projects. If the email system hadn't come back we could have lost business.”
Initially, on discovering the problem, The Leading Edge's IT staff took down the company's email server and re-established its Internet connection.
But their efforts to stop the infection proved frustrating. Each time they thought they had fixed the problem and restarted the email server, the infection would reappear in a different form and start sending out spam emails again.
“It was a very hard problem to resolve. We were losing internet connection, having speed issues, then realised we were sending out tens of thousands of emails every hour that were clogging up our internet server, taking down the system and overloading it,” said Lineen.
“The Botnet (virtual network where external machines use internal email systems to send emails on behalf of someone else – such as a Spanish bank) was changing all the time. They might be sending it from one system, but as we worked through the problem, the emails changed and started coming from different places,” he added.
The company realised it would first have to deal with the symptoms of the problem before addressing the cause.
The IT department at The Leading Edge decided that if it could stop outgoing spam it could restore its email systems.
The company was already protected by an anti-virus solution and an email security solution, but neither could do anything to help.
The email security solution only offered protection against incoming spam and relied on a reputation-based system to identify spam emails, so it was unable to stop spam originating from a trusted source - in this case, the company's own mail server.
“We had our own anti-virus solution in place and we still continue to use the companies that supplied that. Their products are good for what they do, but not good for helping me resolve my problem.
Case study: The Leading Edge calls Proofpoint to disable Botnet attack
By Jenny Eagle on Oct 9, 2008 3:13PM