So, it looks like banks, insurance companies, publishers, manufacturers, and retailers all have problems with bots. But do airlines have problems with bots? You betcha.
On April 7th, something at ATA Airlines changed. Out of previous total silence, spam started arriving in our traps from ATA. It was clearly botspam, this time pushing Humet PBC, which trades as L9Z.F on the Frankfurt Stock Exchange. According to the good folks at Spamnation, this was part of a two-part run perpetrated on this stock between March 31st and April 19th.
All the spam from ATA touting the stock came from a single IP address: 220.127.116.11 - h-253-165.iflyata.com. The spam was nearly identical, 100% of it touted the same company, and the run itself lasted three days, peaking in the middle. Then poof - radio silence again.
Until the 28th of April, that is, when stock spam started arriving in our traps from ATA a second time. This run came from a different IP address: 18.104.22.168, resolving to h-253-225.iflyata.com. Again, the spam uniformly pumped a single stock, Electronic Koursewar (EKII.PK). It was part of a much larger, distributed spam run, used forged Received headers (some from unrouted IANA space), and mysteriously disappeared after three days.
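One way a trap operator could flag forged Received headers like those described above (an added example, not code from the original post): it walks the Received chain below the hop stamped by the receiving server and reports addresses that are malformed or sit in never-routed space. The sample message, its hostnames and addresses, and the short `UNROUTED` list are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: a minimal stand-in for a maintained bogon list. RFC 1918 and
# loopback are omitted because internal relays legitimately record them.
UNROUTED = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "240.0.0.0/4")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message; addresses and hostnames are placeholders.
SAMPLE = """\
Received: from relay.example ([198.51.100.7])
    by trap.example with ESMTP; Mon, 01 Jan 2024 10:02:11 +0000
Received: from mail.example ([240.12.34.56])
    by relay.example with SMTP; Mon, 01 Jan 2024 10:01:58 +0000
Received: from pc.example ([999.1.2.3])
    by mail.example with SMTP; Mon, 01 Jan 2024 10:01:40 +0000
Received: from desk.example ([10.0.0.5])
    by pc.example with SMTP; Mon, 01 Jan 2024 10:01:22 +0000
From: sender@example.invalid
Subject: constructed sample

body
"""

def suspicious_hops(raw_message, trusted_hops=1):
    """Return (hop, ip, reason) for Received hops that cannot be genuine.

    Hop 0 is the topmost header, stamped by our own server. Headers below
    the first `trusted_hops` were supplied by the sender and may be forged.
    """
    msg = email.message_from_string(raw_message)
    findings = []
    for hop, header in enumerate(msg.get_all("Received", [])):
        if hop < trusted_hops:
            continue
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # octet > 255: no real MTA writes this
                findings.append((hop, text, "malformed"))
                continue
            if any(ip in net for net in UNROUTED):
                findings.append((hop, text, "unrouted"))
    return findings

if __name__ == "__main__":
    for finding in suspicious_hops(SAMPLE):
        print(finding)
```

Only the topmost hop records an address the receiving server actually saw, so a hit lower in the chain marks the message as forged but says nothing about the true origin.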
Did ATA catch the problem and shut it down? We sure hope so. Out of the 10 weeks we've been watching ATA, they've sent spam on only six days, so hopefully this is a sign of a vigilant, if not perfect, security regimen.
Will the problem spring back up a third time? Were these systems also key-logging? Is there a drop file somewhere with other information in it? Impossible for us to say, but someone has to ask the question. Neither of the IP addresses delivering the botspam to us delivered a single piece of legitimate mail, and neither appears to be a regular mail transfer agent - so what are they?
And if the IT security of civilian airlines isn't enough to get your attention, don't forget, ATA is also a big-time carrier for the U.S. military, operating charter missions around the globe every day.
And so, the bots rampage on...