Catching my eye this morning is a blog entry from Ryan Naraine about how the spammers behind Blue Security’s demise are using a Storm worm variant to attack three antispam services. The distributed denial-of-service attacks use bot-infested computers to nail the Web servers of the Spamhaus Project, URIBL (Realtime URI Blacklists) and SURBL (Spam URI Realtime Blocklists).
You might remember that Blue Security’s unique battle against spam backfired last year, leading to the demise of the company itself.
Blue Security had its 522,000 users fight back against the spammers by flooding them with simultaneous return emails. The spammers counter-attacked with a denial-of-service attack that crippled millions of other Web sites, including popular blog-host sites TypePad and LiveJournal.
Steve Linford of the Spamhaus Project released an online note about how the latest attacks are affecting his organization:
“The attack is being carried out by the same people responsible for the BlueSecurity DDoS last year, using the Storm malware.
The attack method was sufficiently different to previous DDoS attacks on us that some of it got through our normal anti-DDoS defenses and halted our web servers.
At 02:00 GMT we got the attack under control and our web servers are now back up, www.spamhaus.org is running again as normal.
The attack is ongoing, but it’s being absorbed by anti-DDoS defenses.
Also under attack by the same gang are SURBL and URIBL.
Storm is the ‘nightmare’ botnet, capable of taking out government facilities and causing much mayhem on the internet. It has 3 functions; sending spam, fast-flux web and dns hosting mainly for stock scams, and DDoS. There is a hefty international effort underway by cyber-forensics teams in a joint effort by law enforcement and private sector botnet and malware analysts to trace the perpetrators.”