By Ryan Singel – Wired
Computers inside pharmaceutical giant Pfizer’s network are spamming the internet with e-mails touting the company’s flagship erectile-enhancement drug Viagra, along with ads for knockoff Rolexes and shady junk stocks.
But the e-mails are not part of Pfizer’s official marketing efforts.
Pfizer’s computers appear to have been infected with malware that has transformed them into zombie computers sending spam at the behest of a hacker. Oddly enough, they are spamming the public’s inboxes with ads for the company’s own product.
“There is a disaster inside this company, and they don’t know it,” says Rick Wesson, CEO of Support Intelligence — a small San Francisco-based security company that alerted Wired News to the problem.
Wesson says Pfizer computers have been spamming inboxes for the last six months and that he’s kept 600 spam messages sent from company computers. He says 138 different Pfizer IP addresses have been blacklisted by various groups, but adds that he can’t estimate the number of infected machines without more information or installing monitoring equipment on the edge of Pfizer’s networks.
To illustrate what might be going on, Wesson says that when his company found a similar situation at an international shipping company that employs about 150,000 people, that company’s subsequent audit found 2,500 infected computers. Support Intelligence claims to have found similar spam bots at Bank of America and Toshiba.
However, Pfizer appears to be unaware of the situation, despite several warnings from Support Intelligence.
“If they (were aware), they would have taken care of the problem,” Wesson says.
Much of the spam originating from Pfizer’s machines pretends to be sent from Gmail accounts, says Wesson. Products hawked include penis-enlargement products with the names “Mandik” and “Manster,” as well as pharmaceuticals like Viagra, the sleep drug Ambien and the sedative Valium. The spam also includes ads for Cialis, a Viagra competitor made by Eli Lilly.
On Tuesday morning between 7 a.m. and 10 a.m., Pfizer’s network sent at least 20 messages about sex and penises, according to Wesson.
The number of infected machines is impossible to determine, because much of the traffic comes from behind a firewall that obscures the machines’ internal IP addresses.
Support Intelligence tracks spam by monitoring inboxes at 250,000 website domains that it owns — opening those to allow any and all e-mail and tracking what they get. It also monitors communications to and from command-and-control centers, the computers hackers use to give instructions to a network of zombie computers known as a botnet.
Paul Ferguson works to fight botnets as a network architect for security giant Trend Micro. He says Support Intelligence does “great work” and acts responsibly in disclosing security problems.
“They harvest valuable intelligence and share it with the security community,” Ferguson says. “They also do ‘due diligence’ showing that even large corporations are subject to security problems, and only do so when they exhaust other attempts at communicating to them that they have a problem.”
Support Intelligence says they’ve seen connections between botnet controllers and computers inside Pfizer’s network.
“Pfizer sticks out like a glaring downed jet in a haystack,” Wesson says. “They constantly send us the most egregious spam. When there is this much smoke, there is a hell of a fire going on.”
Pfizer did not respond to requests for comments.
I’ve been saying this for YEARS. The drug companies, in my opinion, are being run by corporate criminals who will do anything for profit. Including hammer the hell out of the internet. No one in government has the balls to do anything about it because they’re likely being paid under the table to leave it alone.
The fact that China, once the Red Menace, is now our friend and one of the worst spammers and drug counterfeiters is no coincidence. The truth will come out and with luck, some of these suited slimeballs will swing.