[AusNOG] ATTENTION: Ransom request!!!

A clonemeagain at gmail.com
Fri Jul 8 23:21:34 EST 2016


Cloudflare have an interesting article on it:
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
On 8 Jul 2016 11:15 pm, "Keith Anderson" <keitha at apcs.com.au> wrote:

> Hi All,
>
> Glad we have DoS filtering in place, hope it works.
>
> Received this one yesterday.
>
> Have a good weekend all,
>
> ### HEADER
>
> Received: from removed [x.x.x.x])
> by removed (Postfix) with ESMTP id E077333F9F
> for <systemadmin at removed>; Thu,  7 Jul 2016 15:04:38 +1000 (PGT)
> X-ASG-Debug-ID: 1467867840-06ff6519594ed72d0001-Vn5JKc
> Received: from ks3293195.kimsufi.com (ks3293195.kimsufi.com [5.135.186.134])
> by filter1-removed with ESMTP id zxmM3rWeIgLfLFeL for <Removed>; Thu, 07
> Jul 2016 05:04:02 +0000 (GMT)
> X-Barracuda-Envelope-From: armada.collective at gmail.com
> X-Barracuda-Effective-Source-IP: ks3293195.kimsufi.com[5.135.186.134]
> X-Barracuda-Apparent-Source-IP: 5.135.186.134
> From: Armada Collective <armada.collective at gmail.com>
> To: <sysadmin at removed>
> Subject: ATTENTION: Ransom request!!!
> X-Barracuda-Connect: ks3293195.kimsufi.com[5.135.186.134]
> X-Barracuda-Start-Time: 1467867841
> X-Barracuda-URL: XXX
> X-ASG-Orig-Subj: ATTENTION: Ransom request!!!
> X-Barracuda-Scan-Msg-Size: 1266
> X-Virus-Scanned: by bsmtpd at XXXX
> X-Barracuda-BRTS-Status: 1
> X-Barracuda-Spam-Score: 2.00
> X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of
> TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE,
> MISSING_MID, PLING_PLING
> X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.31081
> Rule breakdown below
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
> 0.14 MISSING_MID            Missing Message-Id: header
> 1.40 MISSING_DATE           Missing Date: header
> 0.46 PLING_PLING            Subject has lots of exclamation marks
> Message-ID: <20160707050438.7DECC16CC0B3 at filter1-XXX>
> Date: Thu, 7 Jul 2016 05:04:38 +0000
> Return-Path: armada.collective at gmail.com
> MIME-Version: 1.0
> Content-Type: text/plain
> X-MS-Exchange-Organization-Network-Message-Id:
> 07157968-b5a4-4cfa-da65-08d3a624c308
> X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
> X-MS-Exchange-Organization-AuthSource: POM.local
> X-MS-Exchange-Organization-AuthAs: Anonymous
> ### END FULL HEADER
>
>
> -----Original Message-----
> From: Armada Collective [mailto:armada.collective at gmail.com]
> Sent: Thursday, 7 July 2016 3:05 PM
> To: Removed
> Subject: ATTENTION: Ransom request!!!
>
> FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE
> DECISION!
>
> We are Armada Collective.
>
> All your servers will be DDoS-ed starting Saturday (Jul 9 2016) if you
> don't pay 5 Bitcoins @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC
>
> When we say all, we mean all - users will not be able to access sites host
> with you at all.
>
> Right now we will start 15 minutes attack on your site's IP X.X.X.X It
> will not be hard, we will not crash it at the moment to try to minimize
> eventual damage, which we want to avoid at this moment. It's just to prove
> that this is not a hoax. Check your logs!
>
> If you don't pay by Saturday, attack will start, price to stop will
> increase by 5 BTC for every day of attack.
>
> If you report this to media and try to get some free publicity by using
> our name, instead of paying, attack will start permanently and will last
> for a long time.
>
> This is not a joke.
>
> Our attacks are extremely powerful - sometimes over 1 Tbps per second. So,
> no cheap protection will help.
>
> Prevent it all with just 5 BTC @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC
>
> Do not reply, we will probably not read. Pay and we will know its you. AND
> YOU WILL NEVER AGAIN HEAR FROM US!
>
> Bitcoin is anonymous, nobody will ever know you cooperated.
>
> ———————————
>
>
>
>
>
> apcs
> Keith Anderson | Managing Director
> AUS Mobile. +61 400 947 947  Fax. 1300 7654 27
> PNG Phone. +675 303 1236  Mobile. +675 76 947 947  Fax. +675 325 9066
> Email. keitha at apcs.com.au | Web. www.apcs.com.au
>
>
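
Added example, not part of the original thread: a Python triage of the gateway headers quoted above, showing that the message claimed a gmail.com envelope sender but was handed over by a kimsufi.com host, and that its spam score stayed below the filter's tag level. The EXPECTED_RELAYS table and the function names are assumptions made for this example; a production check would evaluate SPF for the envelope domain instead.

```python
import re
from email import message_from_string

# Constructed sample: a subset of the headers quoted above, unfolded, with the
# list archive's " at " restored to "@".
SAMPLE = """\
X-Barracuda-Envelope-From: armada.collective@gmail.com
X-Barracuda-Connect: ks3293195.kimsufi.com[5.135.186.134]
From: Armada Collective <armada.collective@gmail.com>
Subject: ATTENTION: Ransom request!!!
X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE, MISSING_MID, PLING_PLING

(body omitted)
"""

# Assumption: reverse-DNS domains expected to relay mail for a sender domain.
# A stand-in for a real SPF evaluation, which needs DNS and is not done here.
EXPECTED_RELAYS = {"gmail.com": {"google.com"}}

def base_domain(host):
    """Last two DNS labels; adequate for these names, not a public-suffix lookup."""
    return ".".join(host.lower().strip(" <>.").split(".")[-2:])

def triage(raw):
    msg = message_from_string(raw)
    sender = base_domain(msg.get("X-Barracuda-Envelope-From", "").rpartition("@")[2])
    conn = re.match(r"\s*([^\[\s]+)\[([^\]]+)\]", msg.get("X-Barracuda-Connect", ""))
    relay = base_domain(conn.group(1)) if conn else ""
    status = msg.get("X-Barracuda-Spam-Status", "")
    levels = {k: float(v) for k, v in re.findall(r"(SCORE|TAG_LEVEL)=([\d.]+)", status)}
    tests = re.search(r"tests=(.*)", status, re.S)
    rules = [t.strip() for t in tests.group(1).split(",")] if tests else []
    return {
        "sender_domain": sender,
        "relay_domain": relay,
        "source_ip": conn.group(2) if conn else None,
        # Sender claims a domain whose mail should arrive from known relays.
        "unexpected_relay": sender in EXPECTED_RELAYS and relay not in EXPECTED_RELAYS[sender],
        # Date and Message-Id, which the filter's rules reported as absent.
        "missing_headers": [r for r in rules if r.startswith("MISSING_")],
        # True when the filter's own score let the message through untagged.
        "below_tag_level": levels.get("SCORE", 0.0) < levels.get("TAG_LEVEL", 0.0),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```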