Large Enterprises Still Serving Up Spam

Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem.

Last week, researchers at network security company Support Intelligence isolated an IP address within insurance giant Aflac that was being used by spammers to distribute mass amounts of e-mail messages, most of which were related to erectile dysfunction.

Over the course of a 24-hour period beginning on April 10, researchers at Support Intelligence and the SenderBase project estimated the volume of spam being distributed from the affected Web server, much of which included a pharming attack, jumped by more than 750 percent.

Once informed of the problem, representatives at Aflac said they began work to shut down the rogue spam source, but researchers said that the incident further illustrates the problems that many enterprises are still facing in battling spam.

As spammers have begun tapping into botnets controlled by other parties and found new methods for distributing their work via hijacked computers, the issue has only intensified, said Rick Wesson, chief executive of Support Analysis.

In the last month alone, Wesson's company has publicly detailed similar waves of spam emanating from a list of high-profile businesses, including 3M, AIG, and Thomson Financial, and the executive claims to have found similar campaigns coming from within blue chip companies, including Best Buy, HP, Intel, and Toshiba.

No matter how large the company and how much it has spent on antispam tools, he said, the issue remains a daily struggle.

"These companies are spending tons of money on security, but it shows that like some diseases within the human population, spam has become something that cannot be stamped out completely," said Wesson. "Companies shouldn't be ashamed about talking about it because it is happening to everyone; the financial models and the channels into IT operations for spammers are established, and it's not a problem that is going away."

The dilemma isn't that businesses aren't doing enough to fight spam, according to the security expert, but rather that the technology products they use include so many hidden code vulnerabilities that allow the spammers and botnet operators to sneak in.

The best examples of this problem are the handful of unpatched zero-day vulnerabilities that have been reported in Microsoft products in the last several months, according to Wesson. Spammers simply wait for new flaws to be exposed in popular products and begin assailing organizations with new threats that allow them to gain control of affected systems, he said.

After that it's simply a matter of using any compromised hosts to send out e-mail.

"What this says to me is that when large national insurance companies are still having this problem, all of Middle America does too," said Wesson. "If big business is not capable of beating this problem, SMBs must be getting absolutely killed by it."

Reached for comment, Aflac representatives indicated that they had not been made aware of the reported spam campaign before hearing about the event from researchers.

Company officials declined to comment further on the issue of spambots in their midst but said the incident has not led to any more serious security problems, such as a customer data breach.

"Protecting the integrity of our clients' data is one of our top priorities, and we want to assure everyone that no personal data was comprised," Alflac media representatives said in a statement. "We have identified the source of the spam, and are working to rectify the situation."

Other companies admit that the spam problem can take off quickly even when solid protections are in place.

Security leaders with Steelcase, a publicly-traded office furniture manufacturer, said that despite using technologies from Postini and WebSense, among others, to defend its 13,000 employees and IT systems from unwanted e-mail and other attacks, a single incident can quickly land your company's name on spammer blacklists.

Roughly a year ago, a visitor to the company connected an infected device to its network, which led to Steelcase unknowingly becoming a conduit for spam and become included by security researchers on the lists of suspicious IP addresses they advise people to block.

"In effect we ended up looking like a spam source because of one person, and we ended up on several blacklists, which caused problems for people trying to reach us because they subscribed to those lists," said Stuart Berman, security architect at Steelcase. "It really doesn't take much to put you in a painful position."

Spam also remains a serious headache on the incoming side, according to the security specialist. While Steelcase said that the technologies it has employed to filter e-mail, in particular Postini's outsourced message scanning service, have proven very effective, the sheer volume of unwanted e-mail that attempts to land on its servers is staggering.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark