When it comes to spam, IBM's SoftLayer is the host with the most

A Brazilian malware gang is at least partly to blame, according to nonprofit Spamhaus

IBM may be the fastest-growing vendor in the worldwide security software market, but it's also the owner of the world's largest source of spam.

That's according to a report by security expert Brian Krebs, who called out the company's SoftLayer subsidiary for being "the Internet’s most spam-friendly" service provider.

SoftLayer currently holds the top position on antispam nonprofit Spamhaus.org's list of the world’s worst spam support ISPs, which it defines as the ISPs with the worst abuse departments and "consequently the worst reputations for knowingly hosting spam operations."

As of Thursday, there were 685 known spam issues associated with SoftLayer, Spamhaus said. Unicom-sc, which is next down on the list, has a relatively meager 232 such issues.

Though it has traditionally been "a responsible ISP," including contributing to the security and antispam industries, SoftLayer seems to have recently fallen prey to a Brazilian malware gang, Spamhaus wrote in a blog post earlier this month.

"We believe that SoftLayer, perhaps in an attempt to extend their business in the rapidly growing Brazilian market, deliberately relaxed their customer vetting procedures," Spamhaus suggested. "Cybercriminals from Brazil took advantage of SoftLayer's extensive resources and lax vetting procedures. In particular, the malware operation exploited loopholes in Softlayer's automated provisioning procedures to obtain an impressive number of IP address ranges, which they then used to send spam and host malware sites."

Cloudmark, another global spam tracker, confirms the problem, according to an update Krebs made to his post later in the day.

Specifically, Cloudmark says SoftLayer’s network was the largest source of spam in the world in the third quarter of 2015, Krebs wrote. A full 42 percent of all outbound email from SoftLayer was spam, it reportedly said.

IBM is "one of the more recognizable and trusted names in technology and security," Krebs wrote. "Physician: Heal Thyself!"

SoftLayer, which was acquired by IBM in 2013, responded to a request for comment with a statement via email.

"IBM has removed all known spam accounts identified by the Spamhaus Project in this isolated spike," it said. "We continue to aggressively work with authorities, groups like Spamhaus and IBM Security analysts to eliminate further activity like this."

Spam is not just an annoyance but also a primary vector for phishing scams and malware, said Tim Erlin, director of IT security and risk strategy at Tripwire.

At the heart of the problem for ISPs is abuse of automation, Erlin added.

"Attackers are able to rapidly automate the setup of new domains, use them and replace them quickly when they are taken down," he explained. "Effectively, spammers use these productivity tools to run what amounts to a highly resilient business.”

Join the TechWorld newsletter!

Error: Please check your email address.

Tags Brian KrebsspamSpamhausIBMsecurityIBM SoftlayerBrazilian malware gangsoftwarenetworkUnicom-sc

More about CloudmarkTripwireUnicom

Show Comments
[]