Pfizer PCs used to relay Viagra spam

Spammers have hijacked computers at drug manufacturer Pfizer, causing them to send junk emails advertising the company's product Viagra.

At least 138 of Pfizer's IP addresses are being used to send the spam after being loaded with Trojan software, it emerged this week. Aside from Viagra, the spam advertises penis-enlargement drugs, fake Rolexes and shares, according to botnet-tracking company Support Intelligence, which said that those IP addresses have now been blacklisted by anti-spam companies.

Support Intelligence has saved 600 sample spam emails over the past six months, and contacted Pfizer about the problem. But Pfizer has not cleared the problem up, Support Intelligence's chief executive Paul Wesson told Wired.com on Wednesday.

Although the spam emails were sent by Pfizer computers, recipients would not have realised this, as the spammers used forged web-based email addresses.

The incident adds to the company's embarrassment after three major security breaches, each of which involved the theft of Pfizer employees' personal data. In one of these breaches, revealed on 24 August, details of 34,000 Pfizer employees were stolen by a former employee. Pfizer said in a letter to its employees that "there is no indication" the information is being misused.

That announcement followed two other major data losses at the drugs company. Pfizer warned in June that peer-to-peer software on one of its machines may have leaked the details of 17,000 employees, and in July the company lost two laptops containing staff details.

No connection has been made between these breaches and the spam attacks.

Pfizer said it was "actively investigating the allegations" and that it wanted to make clear "our respect for privacy and commitment to adherence to applicable laws".

It did not say specifically whether it was taking steps to shut down the affected machines. But the company said in a statement that it will "pursue any and all remedies available to the full extent of the law".