Blue Security attack linked to blog crashes

A cyberattack that shut down Blue Security also felled thousands of blogs when the antispam site deflected the malicious hits, analysts said.

Internet security company Netcraft said on Thursday that Blue Security temporarily dealt with the distributed denial-of-service (DDoS) siege by redirecting traffic to its journal at blog host Six Apart, knocking out that company's TypePad and LiveJournal services.

"The DDoS traffic appears to have followed www.bluesecurity.com to its new home, overwhelming Six Apart's network and knocking its TypePad and LiveJournal services offline for nearly eight hours," Netcraft analyst Rich Miller said in a blog posting.

In a DDoS attack, networks of compromised computers called botnets are typically used to repeatedly request information from a server or data center. Such a barrage of requests can cause servers to fail and can prevent legitimate users from accessing the site.

The Blue Security redirection was first reported on the North American Network Operators Group mailing list on Tuesday.

On Wednesday, Six Apart told CNET News.com that if it faces an attack, the problem is often related to the content posted on one of the blogs it hosts. However, the San Francisco company declined to comment on Thursday on the origin of the DDoS siege.

"Blue Security is a customer of ours, they do have a blog with us," Six Apart Vice President Anil Dash said. "Beyond that, I don't want to confirm anything. Any kind of an attack like this is really the fault of the attackers."

According to postings on Blue Security's blog, the DDoS attack was launched in response to its method of combating spam. Blue Security distributes a tool called Blue Frog to flood companies sending spam with complaints--one for every piece of junk mail received. This overwhelms spam sites with opt-out requests.

Blue Security was unavailable for comment at the time of writing, but in its blog posting, it said Blue Frog would continue to combat spammers.

"We're helping the community fight the Blue Independence War. We fight for our freedom from spammers and cybercriminals. This is our big chance to reclaim the Internet. We must not let it slip from our hands," it said in the blog.

"Some desperate spammers are doing their worst to harm our community. They'd like us to back off, and agree to get their spam silently. Needless to say, that is not going to happen. We're not here to listen to their vile threats and fraudulent advertisements. We're here to stand up for our right to be let alone," the posting added.

"The issue here is whether Blue Security acted responsibly when it came under attack," Netcraft's Miller told ZDNet UK. "The current generation of DDoS attacks generate huge amounts of Web traffic and can impact the operations of connectivity providers and hosting companies. Blue Security should have realized that its new host would be affected by the DDoS traffic."

Tom Espiner reported for ZDNet UK in London. CNET News.com's Joris Evers contributed to this report.

[SeizeCTRL]

Message has been deleted.

[mikevieira]

Internet Corruption

I'm afraid that there are a lot more spammers out there with very high postions in the internet world.

The fact that major internet companies can blame blue security for fighting back is ridiculous. Spammers are not impossible to find as blue security has proved it to everyone. In other words they are not invisible.

Problem is that many large internet companies are actually part of the problem thats why they're attacking blue security. Not all are involved but there are many who are that's why the FBI is more interested in arresting kids and little hackers.

Fact is that there is big money in spam when you have to buy spam filters and antiviruses with firewalls etc. This massive attack is proof that the spam business is no little guy or teenager sitting behind a computer.

Blue security must have been very close to finding out the big guns behind the Spam industry. That is why they wanted their head on a plate so to speak.

You can delete this if you want but that only proves that you may be part of the problem not the solution.

I think that we should have a P2P type of blue security program with no central server. Then lets see the spammers try and stop it.

I'm willing to bet that the FBI and other government losers operating on behalf of their loser big brother compnaies would then get involved.

Shame on all of you for blaming blue security for this problem.

Mike