One of my clients has AT&T Internet for his ISP. I get regular emails from AT&T about malware.
A host (x.x.x.x) within your IP block may be infected with a trojan, virus, or worm; or you may have a malicious user on your network. The host in question, (y.y.y.y), is sending unsolicited commercial email (spam).
If x.x.x.y is your firewall/gateway/NAT then it is likely that the offending email is originating from your internal network.
Please ensure all of the following actions have or will be completed in order to properly secure your network:
1) Implement a hardware and/or software based firewall solution
2) Install an anti-virus software product
3) Update virus definitions on a regular basis (recommended: daily)
4) Run a full virus scan on all systems frequently (recommended: daily)
5) Install all critical operating system updates and patches. Official Microsoft updates can be downloaded from the Microsoft Windows Update site.
6) Disable all unnecessary services including: file/print sharing, Web/FTP/email/DNS servers, and remote access services. Consider blocking the following ports both egress and ingress: 135 tcp, 139 tcp, 445 tcp, 1025 tcp, 1433 tcp, 2745 tcp, 5000 tcp, 137 udp, and 1434 udp.
7) Consider installing an anti-spyware and/or anti-trojan software solution
8) To help counteract recent worms such as the Storm worm, block incoming port 80 tcp requests to all IPs other than your webserver(s).
9) To counter email worms, block egress port 25 tcp traffic to all destinations other than the authorized SMTP server at the router or firewall, and monitor your logs for any machines attempting to violate this rule set.
10) Wireless routers should be password protected, using WPA or WPA2 encryption (WEP only if WPA is not available), MAC address filter enabled, and SSID broadcast disabled.
AT&T Internet Services Security Center provides their top 10 actions to help curtail spam and spyware. What are yours?
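Item 9 of that list is the one that actually catches the NAT'd spam bot the abuse email describes. Here is an added example (my own, not AT&T's or the original poster's) of the monitoring half: it parses iptables LOG lines from the gateway to list internal hosts that tried to reach TCP/25 somewhere other than the authorised relay, and flags hosts fanning out to several distinct MTAs, which is bot behaviour rather than a mis-pointed mail client. The relay address, interface names and log lines are all constructed.

```python
import re
from collections import defaultdict

# Assumed gateway policy for item 9 (constructed addresses; adjust to your LAN):
#   iptables -A FORWARD -p tcp --dport 25 -d 198.51.100.10 -j ACCEPT
#   iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP-EGRESS-DENY: "
#   iptables -A FORWARD -p tcp --dport 25 -j REJECT
AUTHORIZED_SMTP = {"198.51.100.10"}

# Constructed sample of what the LOG target writes to syslog; not real traffic.
SAMPLE_LOG = """\
Mar  3 09:12:01 gw kernel: SMTP-EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=25
Mar  3 09:12:01 gw kernel: SMTP-EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.77 PROTO=TCP SPT=49153 DPT=25
Mar  3 09:12:02 gw kernel: SMTP-EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.200 PROTO=TCP SPT=49154 DPT=25
Mar  3 09:12:05 gw kernel: SMTP-EGRESS-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 PROTO=TCP SPT=51000 DPT=25
Mar  3 09:12:07 gw kernel: OTHER: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 PROTO=TCP SPT=51001 DPT=443
"""

# Only lines with our prefix and destination port 25 are of interest.
LOG_RE = re.compile(r"SMTP-EGRESS-DENY: .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=25\b")

def smtp_violations(log_text):
    """Map each internal source to the set of unauthorised SMTP destinations it tried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        # The dst check is redundant if the ACCEPT rule sits first, but it keeps
        # the report honest if someone later reorders the chain.
        if m and m.group("dst") not in AUTHORIZED_SMTP:
            hits[m.group("src")].add(m.group("dst"))
    return dict(hits)

def suspect_hosts(log_text, min_destinations=2):
    """Hosts that fan out to several distinct MTAs in the log window are the ones to pull off the wire first."""
    return sorted(src for src, dsts in smtp_violations(log_text).items()
                  if len(dsts) >= min_destinations)

if __name__ == "__main__":
    for src, dsts in sorted(smtp_violations(SAMPLE_LOG).items()):
        print(f"{src} tried {len(dsts)} unauthorised SMTP destination(s): {', '.join(sorted(dsts))}")
    print("likely bots:", suspect_hosts(SAMPLE_LOG))
```

In practice point it at the gateway's syslog (or `journalctl -k`) output rather than the sample string, and cross-check a flagged host against the abuse email's timestamp.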