Pfizer has been one of the most active drug companies trying to combat fake Internet drugs sold by spammers. Pfizer is also a company which has been forced to admit three times in the last three months that tens of thousands of confidential employee records, including social security numbers, have been lost to identity thieves. But the biggest shocker came today when it was revealed that Pfizer has not responded to numerous warnings that its computers spew out spam emails for various drugs, including Viagra.
Rick Wesson, CEO of Support Intelligence, said that hundreds of Pfizer computers have been hi-jacked and are filling inboxes with spam emails for Viagra, a Pfizer product, as well as Cialis, another erectile dysfunction drug.
This has apparently been going on for at least six months and Mr. Wesson has collected 600 spam emails to prove it and says that 138 Pfizer IP addresses have been blacklisted by various spam-fighting groups.
Wesson’s company, Support Intelligence, tracks spam by monitoring inboxes at 250,000 website domains.
"Pfizer sticks out like a glaring downed jet in a haystack," Wesson says. "They constantly send us the most egregious spam. When there is this much smoke, there is a hell of a fire going on."
Pfizer has over the past three months proven itself completely inept at handling IT security issues. The company has suffered three breaches of sensitive data, affecting at least 50,000 Pfizer employees, which is half of Pfizer’s work force.
In the first breach revealed, a Pfizer employee exposed personal information on 17,000 employees after installing peer-to-peer software on a laptop. In its second disclosure of a data breach in as many months, Pfizer revealed that laptops containing personal data on 950 contractors for Pfizer were stolen from the car of an employee. And in the third breach, a former employee downloaded employee data, including social security numbers and credit-card information for about 34,000 Pfizer employees.
Wesson claims Support Intelligence has warned Pfizer numerous times that its computers were infected.
In March, Support Intelligence chief operating officer Adam Waters wrote a report, telling Pfizer that "an alarming amount of bot spam has been observed exiting the Pfizer network indicating multiple system infections." The report included detailed information about which machines were sending spam emails.
Though the report was sent to the company at the end of March, none of the identified problems has been fixed, according to Waters and Wesson.
Support Intelligence has an interest in seeing Pfizer resolving this problem, and may not be entirely altruistic when it comes to going public with their information.
The security company has unsuccessfully tried to sell Pfizer a network-cleansing-and-monitoring service.
We presume they will not get Pfizer’s business after their most recent revelations.
Wired first reported on this story.