
InfoWorld

Spam vigilante spat knocks out blog services

Six Apart suffered a sophisticated denial of service attack on Tuesday, causing service outages at LiveJournal and TypePad

By Paul F. Roberts
May 04, 2006
 

A dispute between a mysterious Russian spammer and an Israeli antispam firm spilled over to the rest of the Internet on Wednesday, when denial of service attacks aimed at the Israeli firm's Web site knocked out servers that host millions of blogs.

Blogging company Six Apart suffered a sophisticated denial of service attack Tuesday afternoon, Pacific Time, which caused service outages at all of Six Apart's Web sites, including LiveJournal and TypePad. The denial of service attack stems from an ongoing feud between Blue Security and an unnamed spammer disgruntled over that company's antispam crusade, according to Blue Security CEO Eran Reshef.

Blue Security, based in Haifa, Israel, operates the "Do Not Intrude" list. The company allows individuals to register an e-mail address on the list, and then tracks spam messages to those accounts with desktop client software, known as "Blue Frog."

When spam e-mail is sent to a Do Not Intrude Member, Blue Security traces the message to its origin, and then bombards the Web site behind the campaign (known as the "sponsor") with requests to remove the e-mail message from their distribution lists. Millions of e-mail messages translate into millions of "opt out" requests from Blue Security members, which bog down the spammers' servers.

In recent days, e-mail users who had registered with the Do Not Intrude list have instead been the target of a concerted spam campaign and received extortion e-mail messages threatening to continue the campaigns unless the users remove their name from the Do Not Intrude registry.

The individual behind the attack, who uses the moniker "pharmamaster" and who is believed to reside in Russia, also cut off traffic to Blue Security's Web site, allegedly by manipulating routing configurations at a large Internet backbone provider to prevent traffic from outside Israel from reaching Blue Security's servers.

"This guy is adamant about not letting Blue Security be successful," said Reshef. Blue Security's CEO claims to have had instant message conversations with "pharmamaster," whom he describes as technically sophisticated and apparently all-powerful, but also desperate. 

"This is not some kid. This is somebody who has the capacity to take down any site. He's like a weapon of mass destruction," Reshef said.

Among other things, Reshef said that “pharmamaster” claimed to have a contact at UUNET who would do his bidding. Rather than launch a denial of service attack against BlueSecurity.com, the spammer instructed the contact to alter the routing tables so that traffic from outside Israel would not reach the company's servers. Technical staff at Blue Security saw traffic to the company's site drop precipitously shortly after 4:30 p.m. local time on Tuesday, Reshef said.

But experts expressed doubts about that story.

An analysis of Internet routing records for BlueSecurity.com doesn't reveal any changes to the way traffic was routed to the domain in recent days, said Todd Underwood, chief operations and security officer at Renesys Corp. of Manchester, N.H., which sells Internet monitoring and analysis technology.

Instead, Blue Security appears to be the victim of a larger-than-average, but run-of-the-mill distributed denial of service attack, which has gone on unabated for around three days, said Underwood.

That also jibes with reports coming in to the Internet Storm Center (ISC), said Johannes Ullrich, CTO at ISC.

That should be expected, given Blue Security's confrontational approach to stopping spam, Underwood said.

"Spammers get pissed off when anti-spammers attack them directly," he said.

Blue Security couldn't do anything to avoid the DDoS attack, but Underwood was critical of the company's reaction to the attack: moving their home page to a blog hosted at Six Apart's TypePad service shortly after midnight local time on Tuesday.

That brought the wrath of “pharmamaster” to TypePad and Six Apart's other services, which were knocked offline by a denial of service attack for about seven hours.

A company spokeswoman for Six Apart confirmed the attack, but said Six Apart would not discuss steps that were taken to end the attack.

"That was not friendly, nor was it clever. It's not a good way to mitigate a denial of service attack," she said.

Reshef said he is taking steps to move his domain over to a hosting provider that is capable of withstanding DoS attacks, but denies that his company's Do Not Intrude list brought the attacks down on his head.

"This has nothing to do with Blue Security. We're a solution to spam that's working. This guy is very desperate and he's willing to rip apart the Internet to stop (us)," he said.





 


 
Paul F. Roberts is a senior editor at InfoWorld.
 
