42 percent of IBM's SoftLayer outbound emails found to be spam

News by Roi Perez

According to anti-spam non-profit organisation Spamhaus, SoftLayer, a cloud-computing provider owned by IBM has been given top position on their list of ISPs that support SPAM and malware abuse.

A report this Wednesday by security expert Brian Krebs, called out IBM and its SoftLayer subsidiary, saying that the ISP has the worst abuse departments and "consequently the worst reputations for knowingly hosting spam operations".

Spamhaus said there are currently 685 spam issues associated with SoftLayer. To compare, next down on the list is Unicom-sc, which has a relatively meagre 232 issues listed against their name.

Despite being known as an engaged ISP that fights such spam, SoftLayer seems to currently being targeted by a Brazilian malware gang, Spamhaus wrote in a blog post earlier this month.

"We believe that SoftLayer, perhaps in an attempt to extend their business in the rapidly growing Brazilian market, deliberately relaxed their customer vetting procedures," Spamhaus suggested.

"Cyber-criminals from Brazil took advantage of SoftLayer's extensive resources and lax vetting procedures. In particular, the malware operation exploited loopholes in Softlayer's automated provisioning procedures to obtain an impressive number of IP address ranges, which they then used to send spam and host malware sites."

Confirming the problem, Cloudmark, another anti-spam tracker, spoke to Krebs and confirmed the problem. It said SoftLayer's network was the largest source of spam in the world in the third quarter of 2015, reports Krebs. It reported that a full 42 percent of all outbound email from SoftLayer was spam.

Repeat offenders

Early last year, SCMagazineUK.com reported how other big players in the world of cloud-computing, such as Google, Amazon and GoDaddy, were also being tapped by cyber-criminals to spread malware, spam and phishing attacks.

The Q4 2013 Threat Intelligence Report from the Security Engineering Research Team (SERT) at the Carnegie Mellon University revealed that the misuse of trusted address spaces offers cyber-criminals a new attack path against all Internet users.

The report puts this down to a technology shift over to the cloud, which gives users the ability to provision and de-provision systems and applications quickly and cost-effectively.

"The cloud has become a preferred mode for malicious actors who are using cloud computing for many of the same reasons that legitimate customers are, including the ease of site development, allowing malware distributors to quickly develop sites and bring them online," reads the report, which adds that using trusted address spaces like Amazon and Google means that the IP traffic will not be blocked by geographic blacklists, nor would it draw suspicion based on the IP addresses involved.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews