Network News

X My Profile
View More Activity

Fortune 500s Unwittingly Become Spammers

The next time you receive a piece of junk e-mail touting penny stock, pimping Rolex watches, or lauding a work-at-home scam, consider investigating who really sent it. You may be surprised.

Security Fix reviewed spam samples captured in the last month and found many instances of spam sent via computers at well-known Fortune 500 companies. Among the findings were:

-- PayPal phishing scam e-mails coming from a machine at database software giant Oracle Corp.

-- Penny stock spam being relayed by a PC inside American Electric Power. A stock spam for a company called NutriOne Corp. was generated from networks owned by computer maker Hewlett-Packard. Another stock scam from ExxonMobil touted shares of China Fruits Corp.

-- Junk e-mail pushing knockoff prescription drugs, sent from a machine at IndyMac Bank. A message advertising similar goods was sent from a PC at Home Depot, and another from a computer at game company Electronic Arts. The EA machine is listed in Spamhaus.org's "Exploit Block List" (XBL), which flags Internet addresses showing signs of running spam relays, among other things.

-- Spam advertising penile enhancement pills relayed through a Dow Jones network.

-- Spam hawking costume jewelry and name-brand watches, relayed by a computer at Best Buy. This machine also is listed in the Spamhaus XBL list.

The junk e-mails listed above were gathered in traps set by Support Intelligence, a data mining company based in San Francisco. Rick Wesson, the company's chief executive, said the spam samples strongly suggest that the machines in these companies have been compromised by a virus or worm. He noted that most malicious software includes the ability to configure the infected machine for use as a relay for junk e-mail.

"Obviously, the idea that spam doesn't come from corporate America is a fallacy," Wesson said. "Take this computer at Best Buy, for instance. We've received thousands of spam from it over the past month."

Security Fix forwarded a copy of the messages and contacted the companies named. Below each spam e-mail listed in this post is information generated by looking up the Internet address and owner of the sending machine.

BestBuy spokesperson Kelly Groehler confirmed that the machine was sending spam, and said the company was "mortified" at the prospect of an internal PC spewing junk e-mail.

Groehler added that Best Buy's engineers were "fixing the problem as we speak," adding that "this is just not acceptable, and it's obviously inconsistent with how we want to run our business."

Steven Swick, an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants. The company blocked the contractor's PC from accessing the network after being contacted by Security Fix.

Swick said that due to contractual agreements, AEP was obligated to set up the contractors with Web mail, instant messaging and other communications tools that generally are not allowed inside of the company's network. "We're working with the contractor now to perhaps readdress the contract and see if there is more operationally that we can do to make sure this doesn't happen again."

A spokesperson for Hewlett-Packard declined to comment for this story.

By Brian Krebs  |  March 29, 2007; 11:11 AM ET
Categories:  Fraud , From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Enabling the Spammers
Next: Attackers Exploit Unpatched Explorer Flaw

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company