Subscribe to Dr. Granville's Weekly Digest

Botnets in the cloud: the new generation of spammers

Big data and data science is not just for good guys. If properly leveraged, it also provides competitive advantages for criminals, over their competitors, or to avoid detection.

Traditional Botnets (used for spam, phishing and other crimes) require a large network of infected machines to work. With better data science capable of identifying these zombie machines and shutting them down, spammers have found a new solution. This new solution is also less illegal as it relies on real email accounts that they own.

So how do they do it on a large scale? They open millions of accounts on Gmail, Yahoo and especially Hotmail. To open these accounts, they use automated web robots deployed in an highly distributed architecture, possibly using a traditional Botnet.

I know this because they actually resell these accounts. Once you have purchased 10,000 of these verified Yahoo email accounts for $100 on Bulkaccounts.net, you receive the list of logins/passwords in a spreadsheet, and now you can start sending your spam. You will need another web robot to log on automatically on all these accounts, compose a message and then get it sent out - but it's easy to find a hacker working remotely overseas and paid via Paypal. I'm assuming that after a few hundred messages per account, these Yahoo accounts will be terminated, but in the meanwhile, they have offered the criminal a possibility to massively deliver his payload - typically spam messages with links to get your computer infected, turned into a bot, or get your personal info stolen.

We see a huge number of these zombie users trying to sign-up automatically on social networks, bypassing the captcha and other sign-up filtering mechanisms. For now, they are easy to identify because

  • they use email addresses such as desir.goldxesr345tgk@outlook.com,
  • they sign up with a name such as Spamberg Butane, that does not match the email address,
  • and all their answers to sign-up questions consist of 2 random letters.

I'm sure they know how to do better, but it must be working for them since they've been doing this activity relentlessly for more than 6 months now, without being shut down. In our case, we do not ask you to confirm your email address after sign-up, as these email addresses could be used as traps to get us blocked by Yahoo mail or Gmail, in what is known as bounce attacks or other related schemes.

To compound the problem, large email providers such as Gmail generate so many false positives (when flagging a message as spam) and change their system all the time (read about they most recent innovation) that I believe some rogue companies - not just criminals anymore - will be tempted to pay for these new Botnet services, hoping to achieve better email delivery rate than what newsletter management vendors currently offer.

I can even imagine, one day, a rogue company, trying to kill its competitor by running giant spam campaigns to promote the competitor website. Until the competitor website gets shut down or their clients have vanished.

Related articles

Views: 622

Comment

You need to be a member of Data Science Central to add comments!

Join Data Science Central

Comment by Carla R. Ackley on July 19, 2013 at 9:17am

Don't forget all of the form spam that comes in daily. I have to block IP's on a daily basis because of it. Harvesters come through and leave blank outputs on several of my forms, or client forms daily. If the form is filled out by a script, then all we see is a blank output with the IP address and date, and then I have it blocked. Sometimes it's a bit more malicious, but mostly it's for spamming.

Follow Us

Videos

  • Add Videos
  • View All

© 2014   Data Science Central

Badges  |  Report an Issue  |  Terms of Service