Has Analyticbridge been attacked by remote terrorists?

We've experienced a number of small Internet problems that were easily fixed, just before Thanksgiving. But there was one attack that looked very weird, and the motivation behind this failed plot is obscure. Most likely, our publication of new material to better and automatically detect scammers on social networks probably triggered the retaliation. We've experienced this type of retaliation in the past, when publishing details about low frequency Botnets that we detected.


Most likely (as in the past), the attacker's purpose is the hope that we will publish additional details about the techniques that he used, possibly in order to learn from us and further refine further attacks. Maybe they also want to prove that they are not as stupid as I claim they are. Indeed, Internet attacks use rudimentary schemes in order to not reveal how sophisticated they could potentially be. Likewise, Internet defences use rudimentary technology in order to not reveal how sophisticated they could potentially be. In short, you don't want to show - whatever your camp is - that you have nuclear bombs to kill the ennemy, but instead, you'll use a hammer if it works.


So let's get back to this weird attack. A guy used a large number of IP addresses (kind of a Botnet, except that these IP addresses either didn't have domain names or were located in Russia and other related countries) to send millions of electronic messages. The "From" field appeared as [email protected] (my email address), but the "Reply To" fields didn't match the "From" field (a big mistake when sending spam). We've received hundreds of automated responses from the Yahoo mail servers saying that the target receipent (e.g. [email protected]) does not exist. That's easy to filter out. However this reveals  a big flaw in the Yahoo email technology, as it allows spammers to detect which Yahoo email account exist or not, and allow scammers to perform DOS (denial-of-service) attacks: think about Obama getting millions of messages in his mail box saying "this Yahoo email account does not exist".


Also, there were a few very surprising facts about this attack:

  • The English in the spam email was of very high quality, this is very unusual.
  • The subject title changed from recipient to recipient.
  • Another version of the spam message was targeted to people in Germany and Austria, and written in perfect German.
  • The spam message, about a very typical scam-my work-from-home scheme, didn't provide any link to apply for the advertised position, but instead requested the recipient to contact me (see below) for details.
  • The response rate was zero. We estimate that the email was sent to 3 million email addresses from a terrible mailing list (or manufactured mailing list). It went into a black hole, except for the fact that Yahoo sent me hundreds of error messages. Like I said, this attack was probably a test.

Related article: Detection of Spam, Unwelcomed Postings, and Commercial Abuses in Social Networks - http://www.analyticbridge.com/group/whitepapers/forum/topics/detect...


Examples of domain names used in the email attack against Analyticbridge:

  • misp.ru
  • dynamic.isp.telekom.rs
  • dynamic.mts-nn.ru
  • elcat.kg
  • estpak.ee

Message used in English version of the attack:

Good day,
While some companies allow for the occasional telecommuter, others base their business plan on obtaining a workforce of home-based employees. These companies consistently hire for work-at-home jobs.
More and more companies are turning to remote or home-based employees or independent contractors to perform duties that were once done in-house. If you want to get such job, but could't find a company hiring for work-at-home take a look on a text below :
Now let's take a look at Online Auctions. Online auctions are similar to real-life auctions, except that in the Internet version everything is done through the web. Instead of walking to a gallery or showroom, for example, potential customers browse {:et|online sites|web pages} to see photos, descriptions and offered prices for the goods being auctioned.
We at Our Company are dedicated to serving our customers any way possible. Our team pride ourselves in creating innovative solutions to any needs near-by Internet Auctions.
Not all auctions are the same. We handle the whole selling process. From initial appraisal and inventory to distribution of funds, we represent our clients from start to finish.
About us :Our Company, a chain of European eBay drop-off stores, announced it has begun opening stores in United States and plans to have over 170 locations in the USA and Canada during 2011-2013. The company said entry into USA and Canada represents our first steps towards developing the American market and furthers the company's international expansion, which began with the opening of franchises in Canada in October 2007.
We are proposing international position within our company and you even don't need to relocate to Europe !
Position valid for United States residents only!
VACANCY with the CONTRACT BASED EMPLOYMENT.
We are very pleased to report that, the position of the remote Administrative position in our company is offered to You. We hope that your knowledge and practice will find a deserving use in our business.
Something about the proposed position:
The payment:
The probationary period duration is four weeks. During this period you will be paid 5% commission from all payments managed by you. Usually the minimum of commission during a test period makes approximately $1000 in a month. After the test period the starting tariff rate of your payment will be $1,450.00 monthly plus the same commission rate of 5 %-s' such as in a trial period. So your total wage will be around $2450 monthly.
Benefits:Up To 3% of your annual gross salary, will be paid quarterly by the check or for the deposit for your choice as a bonus.
If you wish to begin an employment process or want to discuss it in details: feel free to reply on this email.
Thank you for your time,Hiring Department.




Related articles


0 Comments