Support Intelligence

Thursday, April 19, 2007

Owned hosts of Banc of America Securities

Bank of America

We had to wait for this one to settle down a bit before we brought it out in the open. We track many of the major banks in the USA. Today we review a week of spam from Bank of America. We have observed many months of good behavior from BofA, but starting on April 2, 2007 a lone system named system6.bofasecurities.com [63.80.4.6] got infected with something nasty. The situation lasted until the evening of April 6th. During this time we collected 226 spam.

Support Intelligence wasn't the only place that noticed this box spew; System6 was blacklisted by CBL, TQM3, and UCEProtect. We also note that this same system has been blacklisted by Spamhaus before, on 2006-12-31 and 2007-03-30.

None of the spam we collected from System6 had any Received headers, so we believe all the mail to have originated from hosts outside of Bank of America, probably via SOCKS proxy - so let's be clear that this appears to be a casual penetration of [our attorney has encouraged us to leave this space blank]

On April 9th a new system popped up, host-63-117-180-6.eprimebroker.com [63.117.180.6], which is routed by AS 19438 (PRIME-BROKERAGE - Bank of America). This host primarily unloaded OEM software spam. It appears that the folks at ePrimeBroker are on top of it, as this host only got 4 spam into our traps before being shut down. The 4 spam from ePrimeBroker all arrived within 90 minutes of each other, and we have not detected a new spam since April 9th. During its prime it was blacklisted by CBL and Spamhaus, while SenderBase showed a 316% increase in its SMTP traffic.
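The two observations above (spam carrying no Received headers of its own, and a short burst from a single host) can be computed per connecting IP from spam-trap captures. The following is an added example, not Support Intelligence's code; the trap hostname, the documentation-range IPs and all sample messages are constructed.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime

TRAP_MTA = "trap.example.net"  # hypothetical name of the trap's own mail server

def _msg(ip, date, upstream=""):
    # Build one constructed capture: (connecting IP, raw message as the trap stored it).
    return (ip, f"Received: from unknown ([{ip}]) by {TRAP_MTA}; {date}\n"
                f"{upstream}Subject: constructed sample\n\nbody\n")

RELAYED = "Received: from mail.example.org by relay.example.org; Mon, 09 Apr 2007 11:59:00 +0000\n"
SAMPLES = [  # constructed data, not taken from the incident
    _msg("192.0.2.6", "Mon, 09 Apr 2007 10:00:00 +0000"),
    _msg("192.0.2.6", "Mon, 09 Apr 2007 10:30:00 +0000"),
    _msg("192.0.2.6", "Mon, 09 Apr 2007 11:05:00 +0000"),
    _msg("192.0.2.6", "Mon, 09 Apr 2007 11:30:00 +0000"),
    _msg("198.51.100.20", "Mon, 09 Apr 2007 12:00:00 +0000", RELAYED),
    _msg("198.51.100.20", "Mon, 09 Apr 2007 12:10:00 +0000", RELAYED),
]

def summarize(samples, trap_mta=TRAP_MTA):
    """Per connecting IP: message count, messages with no upstream
    Received header, and minutes between first and last arrival."""
    hosts = defaultdict(lambda: {"count": 0, "direct": 0, "times": []})
    for ip, raw in samples:
        received = message_from_string(raw).get_all("Received", [])
        # Headers stamped by the trap are ours; anything left arrived with the message.
        upstream = [h for h in received if f"by {trap_mta}" not in h]
        entry = hosts[ip]
        entry["count"] += 1
        # No upstream hop means the connecting host handed over the message itself.
        # Upstream headers can be forged, so this is a signal, not proof.
        entry["direct"] += int(not upstream)
        if received:  # arrival time is the date part of the trap's own stamp
            stamp = received[0].rsplit(";", 1)[-1].strip()
            entry["times"].append(parsedate_to_datetime(stamp))
    report = {}
    for ip, e in hosts.items():
        span = (max(e["times"]) - min(e["times"])).total_seconds() / 60 if e["times"] else None
        report[ip] = {"count": e["count"], "direct": e["direct"], "span_minutes": span}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLES).items():
        print(ip, row)
```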

With 9 weeks of analysis that shows no indication of bots I'd say BofA did a great job up until our 10th week of observation, when they had two separate infestations. The good news is at least one was noticed and shut down quickly.

Bank of America will get infected again and we'll bring you a timely report of it.


© Copyright 2006 Support Intelligence, LLC • All rights reserved