Blue Security, a company that provided antispam software and was widely praised for orchestrating a kind of do-it-yourself campaign to spam spammers, has "ceased all antispam operations," said Sandra Fathi, a spokeswoman for the company.
The surrender comes after the company's Web site, along with those of many of its partners, was hobbled by a denial-of-service attack earlier this month. The DoS attack, which used thousands of commandeered computers to overload the sites' servers with traffic, is believed to have originated with one Russia-based spammer, Fathi said.
The brazen show of power by the spammer is reflective of the defiant nature of these kinds of rogue advertisers. Almost as old as the Internet, unsolicited e-mail continues to swamp e-mail in-boxes and to clog servers, even as law enforcement agencies and regulatory bodies have tried to stop the practice.
Eran Reshef, Blue Security's CEO, thought he had the answer. He encouraged half a million of the company's customers to send replies to the spam they received. The combined traffic overloaded the spammers' servers and crippled their ability to send e-mails. This resulted in some well-known spam companies agreeing to stop e-mailing Blue Security's customers.
Blue Security's triumph was short-lived. Instead of capitulating, one spammer launched a denial-of-service attack earlier this month. According to security Web site SecurityFocus, the attacks overwhelmed several Web sites and Internet service providers. The spammer then threatened Blue Security: the company could either shut down, or the next attack would include a computer virus.
With innocent companies and Internet users potentially at risk, Reshef had no choice but to yield to the demands, Fathi said.
"The company is unable to fight this battle on its own," Fathi said. "This (spammer) has shown that he's willing to harm hundreds of innocent bystanders...(Reshef) didn't want to take the risk that these other businesses would come under attack."
Blue Security is now trying to determine whether there are other uses for its antispam technology, she said.
I did try to visit their site several times in the last 10 days, and I kept on getting an error message on my browser.
This is pretty shameless that governments have no intention in protecting us from these criminals.
without Windows.. this type of thing couldn't happen.
I get a little satisfaction. In Apple's Mail application, there is an
option to "Bounce to Sender"... I like doing this with the junk
mail I get. This way.. it is essentially the same thing this guy is
proposing...but it also makes it seem like my address is not
valid.. so they stop sending me crap.
After doing this for a while.. I get very little junk mail on an
account that I have had for 4 years.. and use for everything.
Even if you count MS apps, Outlook has had one of the best embedded antispam systems for a long time. So I don't see any meaning in your comment.
Are all Apple users this confused?
And if the tactic wasn't effective, then Blue Security would NOT have come under attack.
The same goes for viral messages. If it can be identified -- in this case most likely by the virus being used -- it can most likely be killed automatically.
This article is a little weird. And what's with them trying to find another use for their product? Huh?
Secondly, the spammer would be spoofing the IP address of any packets (and emails) sent, so if the company used a filter, the spammer could just change the IP.
Thirdly, it is possible (actually probable given the magnitude of the botnet) that the spammer is conducting a R/ADDoS Attack (A Reflected or Amplified Distributed DoS). For instance, the spammer could be sending out spoofed ICMP Echo Requests to innocent servers so that the attack is reflected onto the company's servers. The attack could even be using DNSs to amplify the attack. Such an attack would be very difficult to prevent because blocking requests from a DNS renders the website largely unusable anyway, thus defeating the purpose of preventing the attack.
However, analysing the packets and emails for traits unique to the spammer MAY allow modification of router ACLs (Access Control Lists) or firewall rules to prevent the attack. Alternatively, changing the company's server IP addresses may also solve the problem (not the email flooding though).
Otherwise, the only other possible solution would be to increase bandwidth, upgrade servers and sit out the attack - this costs money though and is apparently the reason why they are giving up.
In the end, unless governments globally (especially Russia, former Eastern Bloc states and China) crack down on spammers and botnets there is not a lot companies can do.
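The comment above mentions analysing traffic for traits that a router ACL or firewall rule could match. As an added illustration (not part of the original comment or article), this sketch flags DNS answers and ICMP echo replies that reach a server without a matching outbound request, which is the signature of reflected traffic. The addresses, the `Pkt` record layout and the sample capture are all constructed for the example.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src dst proto sport dport icmp_type size")
VICTIM = "203.0.113.10"  # constructed address (documentation range)

# Constructed sample capture, not real traffic.
SAMPLE = [
    Pkt(0.0, VICTIM, "198.51.100.53", "udp", 40000, 53, None, 60),   # our DNS query
    Pkt(0.1, "198.51.100.53", VICTIM, "udp", 53, 40000, None, 120),  # its answer
    Pkt(1.0, "192.0.2.7", VICTIM, "udp", 53, 1234, None, 3000),      # DNS answer, never asked
    Pkt(1.1, "192.0.2.8", VICTIM, "udp", 53, 1234, None, 3000),      # DNS answer, never asked
    Pkt(1.2, "192.0.2.9", VICTIM, "icmp", None, None, 0, 84),        # echo reply, never pinged
    Pkt(2.0, "198.51.100.20", VICTIM, "tcp", 51000, 80, None, 500),  # ordinary web request
    Pkt(3.0, VICTIM, "198.51.100.99", "icmp", None, None, 8, 84),    # our ping
    Pkt(3.05, "198.51.100.99", VICTIM, "icmp", None, None, 0, 84),   # its reply
]

def request_key(p):
    """Key of the outbound request that would justify inbound reply p, else None."""
    if p.proto == "udp" and p.sport == 53:
        return ("udp", p.src, p.dport)       # resolver and our source port
    if p.proto == "icmp" and p.icmp_type == 0:
        return ("icmp", p.src, None)         # echo reply from a host we pinged
    return None

def find_unsolicited(packets, victim, window=5.0):
    """Return inbound replies with no matching request in the last `window` seconds."""
    sent, hits = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.src == victim:
            if p.proto == "udp" and p.dport == 53:
                sent[("udp", p.dst, p.sport)] = p.ts
            elif p.proto == "icmp" and p.icmp_type == 8:
                sent[("icmp", p.dst, None)] = p.ts
        elif p.dst == victim:
            key = request_key(p)
            if key and p.ts - sent.get(key, float("-inf")) > window:
                hits.append(p)
    return hits

def summarise(hits):
    """Group hits by the trait a stateful filter rule could match on."""
    out = {}
    for p in hits:
        trait = (p.proto, p.sport if p.proto == "udp" else p.icmp_type)
        row = out.setdefault(trait, {"packets": 0, "bytes": 0, "sources": set()})
        row["packets"] += 1
        row["bytes"] += p.size
        row["sources"].add(p.src)
    return out

if __name__ == "__main__":
    for trait, row in summarise(find_unsolicited(SAMPLE, VICTIM)).items():
        print(trait, row["packets"], "pkts", row["bytes"], "bytes", len(row["sources"]), "sources")
```

Because the reflectors are many unrelated hosts, the useful output is the shared trait (protocol plus source port or ICMP type, with no matching request) rather than the list of source addresses.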
Forget the Bluebird security, even Google and Microsoft had a hard time when a DOS attack was done a few months ago using such zombie machines.
~Shantanu
http://godisnear.blogspot.com
If he has 1000 Bots in each of the 50 states AND bots all over the world what you gonna do to stop it?
It looks interesting. How do you fight an e-terrorist whose main weapons are DDOS attacks and email flooding?
Quite simply.....you eliminate your points of vulnerability.
You need to replace the most common nodes of information exchange (email and websites) with more public nodes that are much more difficult to bring down (think P2P and newsgroups for instance).
You also need to amass a small army of your own that is capable of getting the attention of the service providers (of the PCs being used in the attacks) who support the attacks by giving access via their networks.
This is not to punish the service provider, but to protect others. The service providers should be worked with closely to build a system in which it is easy to disable PC access to the internet of any PC participating in a DDOS attack.
The only way to stop DDOS attacks and spammers is to make it unprofitable to the ISPs that turn a blind eye to that activity on their networks.
Unfortunately, the only way to do that is to make their operation unprofitable until they remove the threat.
As unfortunate as it is, the only way to moderate these attacks is to force the ISPs to get involved - whether they want to or not.
If there is another way, please let me know.
This little victory may be a point of pride to the spammers and criminals living there, but it is a set-back for the Russian people and the Russian government. Think about it. Who trusts a Russian web site? When the average person sees the designation ".ru" at the end of an address, don't you suppose that person hits the delete key with blinding speed? Any ".ru" address is immediately suspect.
The Russian economy is not built on spam. Spam money goes into the pockets of greedy criminals and organized Russian crime gangs. It doesn't float through the Russian economy.
Today, just as in the days of the Soviet Union, people do not trust the honesty and integrity of Russian businesses. That can only have a larger negative impact on the future of the Russian economy and a devastating trickle-down impact on the Russian people.
In the end it will have to be the Russian people and their government who put Russian spammers out of business and into prison. Russian justice is harsh and severe and that's exactly what those Russian spammers deserve.
- Russian Spammers and Organized Crime
- by dunnsanfrancisco May 19, 2006 4:50 PM PDT
- It is generally thought that the West won the Cold War. While it is true the communist experiment in Russia failed, it is not true that our problems with Russia ended with the fall of the Iron Curtain. Remember, it was Russian spammers who fried Blue Frog's legs and served them up with caviar.