Blue Security CLOSED

Posted: Thu May 18, 2006 10:50 pm
by richardj
:angry:

BUMMER--BUNCH OF WUSSYS

The program worked so slick too--DA* IT! :cry:

Blue Security folds under spammer's wrath


Robert Lemos, SecurityFocus 2006-05-17

Israeli anti-spam startup Blue Security decided on Tuesday to shutter its aggressive anti-spam service, citing threats of further--and more malicious--attacks on its service and users.


“We deal with attacks on a regular basis, and this was an order of magnitude larger than what we are used to seeing. For the first part of the attack, this was seen as a network problem, because it caused connectivity issues for two of our three upstream providers.”

Elliot Noss, CEO, Tucows

The company's service, Blue Frog, enabled nearly a half million users to automatically opt-out of unsolicited bulk e-mail messages, or spam, by each sending a single message back to the advertiser. Collectively, the automated opt-out messages inundated the clients of spammers forcing six of the top-10 bulk e-mail groups to agree to use the company's filtering software to cleanse their mass-mailing lists of any Blue Frog users, according to the firm.

However, one spammer decided to attack back instead. Starting May 1, the spammers--who Blue Security identified as PharmaMaster--attacked the company's Web site and spammed Blue Frog users with even more mass mailings. The attacks not only disrupted Blue Security's operations but knocked out the Web blog hosting service Six Apart and a handful of Internet service providers, including Tucows.

While the company had started recovering from the initial attacks, the spammer promised more to come, said one company source. Those threats and the collateral damage led the firm to decide to shut down its service.

"We cannot take the responsibility for an ever-escalating cyberwar through our continued operations," Eran Reshef, CEO and founder of Blue Security, said in an e-mail to SecurityFocus. "As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities and are exploring other, non spam-related avenues for our technological developments."

The closure marks a sudden end to a controversial service and highlights the importance of spam as a source of cash for the underground Internet economy. In December 2005, spam e-mail messages accounted for half of all e-mail sent, according to security firm Symantec. (SecurityFocus is owned by Symantec.) While spammers cost companies an estimated $20 billion, they only netted roughly $20 million to $30 million in profits in 2003, according to estimates by analyst firm Ferris Research.

The attacks also underscore the power that criminals can still wield on the Internet, especially through large networks of compromised computers known as bot nets. Bots have become the tool of choice for many online criminals to extort money from legitimate companies by threatening a hard-to-stop denial-of-service (DoS) attack; other criminals use the controller software to install adware on the compromised PCs to earn affiliate fees from the advertising networks.

The success of the attacks also reveals that, despite e-commerce companies' assertions that the Internet has become safe for business, the worldwide network has progressed merely from the Wild West to the equivalent of the 1920s mob-controlled urban centers, said Peter Swire, a law professor at Ohio State University and a member of the advisory board of Blue Security. To fight the online gangs of the Digital Age will take concerted efforts on behalf of the U.S. government and other countries, he said.

"This attack was from an organized crime ring on the Internet," Swire said. "The rising amount of extortion on the Internet is a symptom of under-enforcement. It takes concentrated effort to break up any mob, and legitimate companies are at risk of extortion attacks unless enforcement and other cybersecurity measures improve."

MORE HERE LIKE 4 PAGES OF SAD TALES :bsod:

NOW I HAVE TO UNINSTALL IT___________SIGH :pissed off:

Archived topic from Iceteks, old topic ID:4347, old post ID:35002

Posted: Fri May 19, 2006 12:02 am
by Red Squirrel
No way, they let the spammers defeat them? wth. I would have pulverized every single one of them with large scale DDoS and make sure the data center comes down to a grinding halt, forcing to bring the spam servers offline. Or something like that. I was thinking of signing up too.

I don't even know why spammers are so defensive about their no life activities, not like they're getting anything out of it, other than annoying people with useless smtp data packets going through their networks.

But really, spam needs to be made illegal, more illegal than piracy, since spam costs more money, does more damage, and actually harms people/networks, unlike piracy. If a company is paying for their bandwidth depending on how much of it they use, spam is making it cost twice as much as it should.

Archived topic from Iceteks, old topic ID:4347, old post ID:35004

Posted: Fri May 19, 2006 1:13 am
by richardj
:angry:

YEAH--It's like I tried to access the site & kept getting page cannot be found---so I Googled it----unreal.

I found a blog somewhere where all the spammers were plotting how to f---- them up.

AND as it was an Israeli site--I'm surprised they didn't nuke them---lol :P

OH_WELL I'll just go back to 'block this sender' in Outlook Express. :rolleyes:

Just like spyware that screws up yer PC-I wonder why no one's ever sued them??

If you get that Spy Sheriff & have to take yer PC in & they have to do a wipe & reload I'm sure it would not be free.

Archived topic from Iceteks, old topic ID:4347, old post ID:35008

Posted: Fri May 19, 2006 1:22 am
by richardj
HERE'S ANOTHER ARTICLE:


PharmaMaster Brings Down Blue Security's Internet Property Plus Some


Sunday, May 07 2006 @ 07:11 PM CDT
Contributed by: ByteEnable

General News

MENLO PARK, Calif. – "PharmaMaster", one of the world's leading spammers, is the culprit who is holding the entire Internet hostage to stop the Blue Community and keep his spam business running says Blue Security. Blue Security is a company based in Israel that fights spam by targeting spammers and the businesses that advertise their products using spam.

Eran Reshef, CEO of Blue Security, said, "Six out of the top 10 spammers worldwide have stopped sending spam to the Blue community recently; as such, PharmaMaster is determined to prevent this change in the spam economy. After a barrage of threatening letters last week that only made the Blue community stronger, PharmaMaster resorted to sophisticated attacks on Blue Security."

Reshef continued, "The attacks started with a strike on the Internet backbone itself, causing the Blue Web site to become inaccessible to visitors outside Israel, while remaining available for Israeli visitors. The attack used a technique called "Blackhole Filtering". PharmaMaster boasted that it was he who was able to make a top-tier ISP's staff member to block Blue Security's former IP address (194.90.8.20) at the backbone routers."

In PharmaMaster's words (taken from ICQ sessions where PharmaMaster contacted Blue Security): 'Support (top-tier ISP's name withheld) says: Yes wont be a problem, I'll make sure to block all traffic to this domain very soon just get me reports, mate.'

Reshef continued, "Thirty minutes after Blue closed its Israeli site and posted a note on its blog site, PharmaMaster ruthlessly ordered a massive, sophisticated DDoS attack against any site associated with Blue. This attack caused five top-tier hosting providers in the U.S. and Canada, a major DNS provider and a popular blog site to go down for several hours."

PharmaMaster summarized the situation (excerpt from ICQ session): "you know I feel sorry for you and all the world 9000 servers (which) are down :-)"


According to Reshef, PharmaMaster also told Blue Security that if he can't send spam, there will be no Internet. He also said that he will do whatever it takes to continue his fight but acknowledged the power of the Blue Community.

PharmaMaster (excerpt from ICQ session): "Blue found the right solution to stop spam, and I can't let this continue."

When Blue Security realized the spammer had blocked access to their website to obstruct members from using their service or access their website to receive more information, the company performed a series of tests to determine what had happened. These tests clearly indicated that the corporate site was not subject to a DDoS attack since it was accessible from inside Israel and there was no load on the system. These symptoms were in accordance to what the spammer had indicated he would do (i.e. block all traffic to our site from outside of Israel) in an ICQ session.

In order to inform the Blue Security community of what had happened, the company used a previously-existing blog site for the Blue Community which had been host to the company's corporate website prior to July 2005. Blue Security posted a short blog item to inform their users and other constituents of the situation and how the company was working to solve the issue. After the name server had been updated such that traffic to www.bluesecurity.com reached the blog, the blog was active and functioning and many users had posted comments. It was only 40 minutes after the redirection that PharmaMaster decided to launch a DDoS attack on www.bluesecurity.com, now hosted at TypePad.

Blue Security has restored its community-based anti-spam service to its members, and has already contacted the relevant authorities. Blue Security is working closely with its service providers and partners to help resolve the problems and mitigate risk.

Blue Security is calling upon its members and supporters worldwide to help the community to win the fight against the criminals who wish to control the Internet. Community members and Internet users can assist by making the information published by Blue Security available on their Web sites and help more people know about the community's effort to reclaim the Internet from the hands of cyber criminals.

Why can't the Feds go after the spammers--If they created a worm as some hackers have & shut down parts of the web the Feds would certainly react?




<_>

Archived topic from Iceteks, old topic ID:4347, old post ID:35009

Posted: Fri May 19, 2006 1:32 am
by richardj



:awesome:

ping -f

The question one may ask, is "Why would ping -f exist, if it can be used as a denial of service attack?"


Well, ping -f wasn't originally for ping-bombing someone's network to death - it was for testing. If you look at the ping manpage in a standard linux distribution, it states that it's for testing a network. From my experience, a small home network (3 or 4 computers) doesn't have much latency to it - 10 or 20 ms at most.

The "ping -f" command shows a number of dots - one for each hundred pings sent. If a ping is replied to a hundred times, the dot gets erased. This can be used to determine a network's health.

For instance, you're on computer "192.168.0.1" - let's call this one "moonshade". Computer two is "luna" at *.2, and computer three is "minimoonshade" at *.3. You're on "moonshade", the server, and you send a flood-ping (ping -f) to luna. The dots only stack up slowly - one dot or so per second. By comparison, flood-pinging minimoonshade stacks up the dots almost immediately. This could be telling you one of a few things - either the cable going to minimoonshade is bad, the connectors are bad, the NIC on minimoonshade is bad, the switch connecting the network together has a problem, or possibly the NIC on moonshade is bad. It's a quick and dirty way to test the line from NIC to NIC. More testing, say from luna to minimoonshade or luna to moonshade may help narrow down the problem using basic troubleshooting techniques.

The network configuration shown is based, very loosely, on the three computers I have on my home network.

Some notes on the command - first of all, it sends either 100 pings per second, or sends pings as quickly as they are replied to. Secondly, on a linux machine, it can only be run by the root user. Third and last, on a Windows machine, it sends the "Don't Fragment" command along with the packet. <_>

Archived topic from Iceteks, old topic ID:4347, old post ID:35010
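
The host-to-host comparison described in the post above can also be made from the statistics block ping prints when a bounded run ends, instead of by watching the dots. This is an added example, not part of the original post or the article it quotes; the sample outputs are constructed, and the 1% loss threshold and the function names are assumptions.

```python
import re

# Constructed summaries in the format iputils ping prints after a bounded
# flood test (e.g. `ping -f -c 1000 <host>`, run as root on a LAN you own).
# Host names and addresses follow the post; every number is invented.
SAMPLES = {
    "luna": """\
--- 192.168.0.2 ping statistics ---
1000 packets transmitted, 998 received, 0.2% packet loss, time 1520ms
rtt min/avg/max/mdev = 0.210/0.340/1.900/0.110 ms, ipg/ewma 1.521/0.330 ms
""",
    "minimoonshade": """\
--- 192.168.0.3 ping statistics ---
1000 packets transmitted, 612 received, 38.8% packet loss, time 10440ms
rtt min/avg/max/mdev = 0.230/4.750/61.200/9.300 ms, pipe 2, ipg/ewma 10.450/6.120 ms
""",
}

COUNTS = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")
RTT = re.compile(r"min/avg/max/(?:mdev|stddev) = [\d.]+/([\d.]+)/")


def parse_summary(text):
    """Return sent/received counts, loss percentage and average RTT in ms."""
    counts = COUNTS.search(text)
    if counts is None:
        raise ValueError("no ping statistics block found")
    sent, received = int(counts.group(1)), int(counts.group(2))
    if sent == 0:
        raise ValueError("no packets were transmitted")
    # Recompute loss from the counters; the printed percentage is rounded
    # differently across ping versions.
    loss_pct = round(100.0 * (sent - received) / sent, 2)
    rtt = RTT.search(text)  # the rtt line is missing when nothing came back
    return {
        "sent": sent,
        "received": received,
        "loss_pct": loss_pct,
        "avg_ms": float(rtt.group(1)) if rtt else None,
    }


def suspect_links(summaries, max_loss_pct=1.0):
    """Hosts whose loss exceeds the (assumed) threshold, worst first."""
    parsed = {host: parse_summary(text) for host, text in summaries.items()}
    bad = [h for h, s in parsed.items() if s["loss_pct"] > max_loss_pct]
    return sorted(bad, key=lambda h: parsed[h]["loss_pct"], reverse=True)


if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, parse_summary(text))
    print("check cabling/NIC/switch port for:", suspect_links(SAMPLES))
```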

Posted: Fri May 19, 2006 9:34 am
by sintekk
Red Squirrel wrote: I would have pulverized every single one of them with large scale DDoS and make sure the data center comes down to a grinding halt, forcing to bring the spam servers offline.
Ah, I see you share the same botnet as the spammers :P

Sheesh, these guys folded like a house of cards, though admittedly, if the ddos attack brought down their new host, whose main feature is to deter DDOS attacks like that, they probably wouldn't be live too often anyways.

Still, a shame, I was getting a fair reduction in spam being on the list.

Archived topic from Iceteks, old topic ID:4347, old post ID:35011

Posted: Fri May 19, 2006 2:05 pm
by Red Squirrel
I will do some intensive research on this "pharmamaster" loser and make sure to haunt him forever. Like track down all his activities, get his sites DoSed, shutdown, etc... I will try to cost him as much money as possible. Problem is I lack the time for these things, but if I get bothered, he'll be sorry he ever decided to be a spammer, instead of getting educated and getting a real job like everyone else does.

Archived topic from Iceteks, old topic ID:4347, old post ID:35012

Posted: Fri May 19, 2006 2:11 pm
by Red Squirrel
sintekk wrote:
Red Squirrel wrote: I would have pulverized every single one of them with large scale DDoS and make sure the data center comes down to a grinding halt, forcing to bring the spam servers offline.
Ah, I see you share the same botnet as the spammers :P

Sheesh, these guys folded like a house of cards, though admittedly, if the ddos attack brought down their new host, whose main feature is to deter DDOS attacks like that, they probably wouldn't be live too often anyways.

Still, a shame, I was getting a fair reduction in spam being on the list.
And the spammers are low income (welfare, if that, more parent's allowance I say) so I doubt they own any high end servers and have much bandwidth, and don't even expect to use much bandwidth other than to send unauthorized packets to other servers, which do all the work for them. The sites they advertise only get hits from administrators of forums/email servers, so a free hosting package does the job usually.

So I bet if we target the right servers, we can bring down spammers very easily. But it's the thing of finding the right servers, and right home IPs. Get them at the source, bring down their home PCs, they can't do anything. These people can't afford much, so bringing down a 486 over a 56k connection can't be all that challenging, and bogging down the 56k connection is even less challenging. :evilsmile: Stop the people controlling the zombies (open relay mail servers, etc) and the zombies stop.

Archived topic from Iceteks, old topic ID:4347, old post ID:35013

Posted: Fri May 19, 2006 3:45 pm
by sintekk
Red Squirrel wrote:
sintekk wrote:
Red Squirrel wrote: I would have pulverized every single one of them with large scale DDoS and make sure the data center comes down to a grinding halt, forcing to bring the spam servers offline.
Ah, I see you share the same botnet as the spammers :P

Sheesh, these guys folded like a house of cards, though admittedly, if the ddos attack brought down their new host, whose main feature is to deter DDOS attacks like that, they probably wouldn't be live too often anyways.

Still, a shame, I was getting a fair reduction in spam being on the list.
And the spammers are low income (welfare, if that, more parent's allowance I say) so I doubt they own any high end servers and have much bandwidth, and don't even expect to use much bandwidth other than to send unauthorized packets to other servers, which do all the work for them.
Dude, the spammers that ddos'd their site not only took down their site, but disabled all LiveJournals and SixApart journals when they redirected bluesecurity.com to their livejournal page. That's something I doubt me or you could ever hope to do without resorting to a huge botnet. :P

Hell, after BlueSecurity switched from Tucows to a new host that was specifically designed to be resistant to DDOS attacks, they crumbled under another ddos...

Archived topic from Iceteks, old topic ID:4347, old post ID:35015

Posted: Fri May 19, 2006 4:18 pm
by Red Squirrel
Yeah but chances are the spammers used other people's networks to do this (zombies). These people don't have a life, job or anything, so doubt they can afford their own networks. But then again these people are crooks, and probably the same people who do Nigerian spam (and people are stupid and fall for these) so they could be rich off money they stole. Who knows.

I'm just surprised blue security is not fighting back but bailing out, since this means the spammers win.

A good firewall setup should be able to detect and stop DoS attacks on the fly. Most likely some custom code required and such, but I'm sure it can be done.

Archived topic from Iceteks, old topic ID:4347, old post ID:35016

Posted: Fri May 19, 2006 8:51 pm
by manadren_it
Red Squirrel wrote: And the spammers are low income (welfare, if that, more parent's allowance I say) so I doubt they own any high end servers and have much bandwidth, and don't even expect to use much bandwidth other than to send unauthorized packets to other servers, which do all the work for them. The sites they advertise only get hits from administrators of forums/email servers, so a free hosting package does the job usually.
Dude. spam is big business. Sure, maybe 1 in 50,000 will result in a sale of some sort. But when you're sending out 100,000,000 emails, things tend to add up. And sure spam filters have cut down on the profits of spammers, but they make up for it by sending even more spam. Check out this article. A good spammer can make $60,000 - IN A MONTH.

Archived topic from Iceteks, old topic ID:4347, old post ID:35021

Posted: Fri May 19, 2006 11:30 pm
by Red Squirrel
That is sickening :o. They really need to make spam illegal or something. Organizations do what they can to stop it, but without any government support it's hard to stop.

Archived topic from Iceteks, old topic ID:4347, old post ID:35034

Posted: Sat May 20, 2006 1:19 am
by sintekk
Red Squirrel wrote: That is sickening :o. They really need to make spam illegal or something. Organizations do what they can to stop it, but without any government support it's hard to stop.
Spam in the US is illegal, it's just that most of the time it's hard to either trace the emails accurately back to the source, or it's hard to get who's responsible into a court where they can be convicted.

Which, imo, is why the vigilante idea that Blue Security had going was the only method that worked as well as it did.

Archived topic from Iceteks, old topic ID:4347, old post ID:35039

Posted: Sat May 20, 2006 11:50 am
by Red Squirrel
Yeah hopefully someone else will decide to start a similar solution. Really, the government should. Just need to be prepared for the storm. Redundant network paths, IDS firewall clusters, and I'm sure some technology out there exists to detect patterns of DoS attacks in order to dynamically block packets. They can catch some guy downloading MP3s, but they can't catch some guy connecting to many servers to produce tons of useless mail traffic.

Archived topic from Iceteks, old topic ID:4347, old post ID:35042

Posted: Tue May 23, 2006 1:34 pm
by sintekk
Looks like someone is starting a new project called Okopipi based on the freely available Blue Frog source code:
http://slashdot.org/~Spy+der+Mann/journal/135727

Archived topic from Iceteks, old topic ID:4347, old post ID:35076

Posted: Tue May 23, 2006 5:01 pm
by Red Squirrel
Nice to know. Let's see how long they last till they get DoSed though :/

Archived topic from Iceteks, old topic ID:4347, old post ID:35079

Posted: Tue May 23, 2006 10:59 pm
by richardj
sintekk wrote: Looks like someone is starting a new project called Okopipi based on the freely available Blue Frog source code:
http://slashdot.org/~Spy+der+Mann/journal/135727

:P KOOL

I checked into this -u have to go HERE & join the group to get the announcement as to when it will be released. :thumbsup:

Archived topic from Iceteks, old topic ID:4347, old post ID:35088