Security Watch | Matt Hines » More enterprise spammers uncovered

April 27, 2007

More enterprise spammers uncovered

Researchers at Support Intelligence continue to find spam sources they say are located within some of the world's largest businesses.

After outing spam distribution centers in companies including Aflac and Bank of America in recent weeks, the network security company has identified unusual e-mail traffic emanating from well-known enterprises including media conglomerate Clear Channel, bookseller Borders Group, and outsourcing specialist Affiliated Computer Services (ACS).

According to the Support Intelligence blog, Clear Channel, which owns scads of television and radio stations, began sending out significant volumes of spam in March. Most of the spam initially advertised low-price pharmaceuticals, Viagra and HGH, and came from multiple IP addresses within the firm, researchers said.

Spam traffic coming from Clear Channel spiked in late March and carried on through April as the mail being sent out shifted toward advertisements for cheap IT products, including those made by Adobe and Microsoft.

For Borders -- which the security company said does a "fairly good job" containing spam issues -- the problem consisted of a pharma-oriented spam run that pumped out mail at high volumes from March 29 to April 3. Support Intelligence said that the spam was likely generated by a botnet-controlled device, and utilized resources in six different countries to power itself.

In the case of ACS, Support Intelligence said it specifically tracked a load of spam coming from several sources in the firm between late March and mid-April. Messages delivered from IP addresses controlled by the company included content advertising everything from pharmaceutical products and male sexual enhancement drugs to pump-and-dump stock schemes, before the torrent of e-mail slowed down, according to the security firm.

After I wrote a story about Support Intelligence's observations of Aflac-driven spam, representatives at the company gave me additional information on the situation. According to the PR officials, Aflac was not "hijacked" by spammers nor were any of its Web servers compromised, as I had originally reported.

In reality, company officials said the incident was "the result of a user's home machine that was attacked by a virus which generated roughly 80mbs of spam."

The company also denied the report that the campaign involved messages related to a pharming attack.

The firm said that the e-mails generated by the machine did not consist of "a spam campaign," as I'd reported, but rather "nothing more than spam selling a pharmaceutical product as a result of a virus infected PC."

I think I'm missing something in there, unless Aflac thinks it's OK for outsiders to usurp control of its employees' machines to distribute spam e-mail (and make money) from its IP addresses, that is.

Sure sounds like a spam campaign to me.

Posted by Matt Hines on April 27, 2007 01:27 PM

