Spam Profile: Affiliated Computer Services
We started our tracking project for Affiliated Computer Services on March 10th. It took about a week to catch our first spam from this company which does BPO for numerous corporate clients. On the 18th we received an offer soliciting Russian Lovers from 63.87.170.71 better known as pat.acs-inc.com. This single machine sent us 96 additional spams over the next few weeks.More here.
The flow began as image spam touting various pharmaceuticals and masculine enlargement techniques. Eventually the content changed to Hooudia diet supplements and OEM Software. It wasn't until the 23rd of March that 63.87.170.71 really started to spew however.
Note: Is this the same company that is responsible for several large-scale data breaches? Yes, I do believe it is.
Note [2]: Generally, the "pat" in "pat.acs-inc.com" above would generally stand for "port address translation", meaning that if that is indeed what the DNS FQDN name stands for, this individual host name is a basically a network address translation (NAT) gateway, and there could actually be several machines behind this gateway responsible for generating the spam.
1 Comments:
This is the public IP for some 1000+ workstations and servers. It would not surprise me if one of them is infected with a virus / trojan.
Post a Comment
<< Home