More like this

Security

IBM's SoftLayer cloud beats AWS, Azure ... at spreading spam

Mal-mail mavens say Big Blue's got some security scraps to fight in near future

IBM's US$2 billion acquisition SoftLayer is the world's largest source of spam, according to email vanguards Cloudmark and Spamhaus.

Big Blue acquired the cloud company in June 2013 and since then net forums have been filled with chatter about the amount of cyber-chaff the Dallas-centred outfit's users are spewing.

Spam clearing station Spamhaus puts SoftLayer at the top of its 10 worst offenders noting it has 685 spam block list issues as of the time of writing.

These included Dridex bots and hundreds of "massive sources of malware-distribution spam".

SoftLayer says it is working with authorities, SpamHaus, and IBM to end the spamming.

CloudMark told Krebs On Security a whopping 42 per cent of outbound email sent from SoftLayer servers is spam, making it the largest global source of email trash in 2015's third quarter.

"Current spam layers from SoftLayer are 600 percent higher than they were one year ago,” it says.

SpamHaus says spam continues, thanks typically to complicit telcos.

"Spam continues to plague the internet because a small number of internet service providers knowingly sell service to professional spammers for profit, or do not enough or nothing to prevent spammers operating from their networks," the organisation says in a note that doesn't mention SoftLayer.

"Although nearly all ISPs claim to be anti-spam, some executives factor revenue made from hosting known spam gangs into corporate policy decisions to continue to sell services to spam operations.

"Others simply decide that closing the holes in their end-user broadband systems that allow spammers access would be too costly to their bottom lines, or that the cost of hiring, training and tooling of a skilled abuse and security team is not worth the tradeoff in ISP reputation."

Cloud operators like SoftLayer offer terms of service that make it plain certain activities are forbidden. Cunning crooks, however, will do their best to disguise the nature of any naughty workloads they run. ®

Sponsored: 2016 Cyberthreat defense report