AOH :: ISNQ4516.HTM

Zombie Pfizer Computers Spew Viagra Spam




Zombie Pfizer Computers Spew Viagra Spam
Zombie Pfizer Computers Spew Viagra Spam



http://www.wired.com/politics/security/news/2007/09/pfizerspam 

By Ryan Singel   
Wired.com
09.06.07

Computers inside pharmaceutical giant Pfizer's network are spamming the 
internet with e-mails touting the company's flagship 
erectile-enhancement drug Viagra, along with ads for knockoff Rolexes 
and shady junk stocks.

But the e-mails are not part of Pfizer's official marketing efforts.

Pfizer's computers appear to have been infected with malware that has 
transformed them into zombie computers sending spam at the behest of a 
hacker. Oddly enough, they are spamming the public's inboxes with ads 
for the company's own product.

"There is a disaster inside this company, and they don't know it," says 
Rick Wesson, CEO of Support Intelligence -- a small San Francisco-based 
security company that alerted Wired News to the problem. 

Wesson says Pfizer computers have been spamming inboxes for the last six 
months and that he's kept 600 spam messages sent from company computers. 
He says 138 different Pfizer IP addresses have been blacklisted by 
various groups, but adds that he can't estimate the number of infected 
machines without more information or installing monitoring equipment on 
the edge of Pfizer's networks.

To illustrate what might be going on, Wesson says that when his company 
found a similar situation at an international shipping company that 
employs about 150,000 people, that company's subsequent audit found 
2,500 infected computers. Support Intelligence claims to have found 
similar spam bots at Bank of America and Toshiba.

However, Pfizer appears to be unaware of the situation, despite several 
warnings from Support Intelligence.

"If they (were aware), they would have taken care of the problem," 
Wesson says.

Much of the spam originating from Pfizer's machines pretends to be sent 
from Gmail accounts, says Wesson. Products hocked include 
penis-enlargement products with the names "Mandik" and "Manster," as 
well as pharmaceuticals like Viagra, the sleep drug Ambien and the 
sedative Valium. The spam also includes ads for Cialis, a Viagra 
competitor made by Eli Lilly.

On Tuesday morning between 7 a.m. and 10 a.m., Pfizer's network sent at 
least 20 messages about sex and penises, according to Wesson.

The number of infected machines is impossible to determine, because much 
of the traffic comes from behind a firewall that obscures the machines' 
internal IP addresses.

Support Intelligence tracks spam by monitoring inboxes at 250,000 
website domains that it owns -- opening those to allow any and all 
e-mail and tracking what they get. It also monitors communications to 
and from command-and-control centers, the computers hackers use to give 
instructions to a network of zombie computers known as a botnet.

Paul Ferguson works to fight botnets as a network architect for security 
giant Trend Micro. He says Support Intelligence does "great work" and 
acts responsibly in disclosing security problems.

"They harvest valuable intelligence and share it with the security 
community," Ferguson says. "They also do 'due diligence' showing that 
even large corporations are subject to security problems, and only do so 
when they exhaust other attempts at communicating to them that they have 
a problem."

Support Intelligence says they've seen connections between botnet 
controllers and computers inside Pfizer's network.

"Pfizer sticks out like a glaring downed jet in a haystack," Wesson 
says. "They constantly send us the most egregious spam. When there is 
this much smoke, there is a hell of a fire going on."

Pfizer did not respond to requests for comments.

The flood of spam adds to Pfizer's recent computer security woes. This 
summer, the company revealed that it had suffered three breaches of 
sensitive data, cumulatively affecting more than 50,000 individuals.

In one breach, a Pfizer employee exposed personal information on 17,000 
employees after installing peer-to-peer software on a laptop. In another 
breach, confirmed Tuesday, a former employee downloaded sensitive data, 
including social security numbers and credit-card information for about 
34,000 Pfizer employees.

Wesson says Support Intelligence has warned Pfizer numerous times that 
its computers were infected.

In March, Support Intelligence chief operating officer Adam Waters 
penned a report about Pfizer's infection, telling the company "an 
alarming amount of bot spam has been observed exiting the Pfizer network 
indicating multiple system infections." The report included detailed 
information about which machines were sending the rogue e-mails.

Though the report was sent to the company at the end of March, none of 
the identified problems has been fixed, according to Waters and Wesson.

Support Intelligence has also informed Pfizer of the problem during 
sales calls, where the security company unsuccessfully tried to sell the 
company network-cleansing-and-monitoring service.

There's no consensus estimate of the number of zombie botnet machines on 
the internet, but computer-security experts agree that millions of PCs 
are likely to be infected. Hackers use the computers for numerous 
nefarious purposes, from sending spam to extorting money from businesses 
through denial-of-service attacks.

The malicious power of botnets was displayed in April when Russian 
attackers launched sustained denial-of-service attacks against thousands 
of government and commercial websites in the small European republic of 
Estonia, to retaliate for Estonia's relocation of a World War II 
memorial statue of a Soviet soldier.

Hackers build botnets by infesting computers through booby-trapped web 
pages and spam infested with attachments or worms that travel from 
computer to computer. Most computer users have no idea they are 
infected, because the remotely controlled malware often uses a small 
fraction of the infected machine's computing power and has no effect on 
day-to-day computer usage. To fight this, savvy users often share tips 
and tricks for protecting personal computers.


____________________________________
Visit the InfoSec News Bookstore
http://www.shopinfosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods