26 September 2003
More anti-spam services have been taken out of action as a result of a concerted, month-long distributed denial of service (DDoS) attack, believed to be the work of spammers.
The attack has utilised a ‘zombie army’ of compromised PCs and servers worldwide, which have been infected by a wave of virus attacks throughout the year. The SoBig series of viruses, as well as the recent Swen virus, are thought to be the work of a particular spam gang seeking new ways to propagate their spam undetected.
The latest victims of the DDoS attack include Monkeys.com, which ran a blacklist of insecure mail servers, and Blackhole.compu.net. “It just wasn’t feasible to run this [list] and make ourselves a large target any more,” Bill Larson, network administrator for Compu-net Enterprises, told MSNBC News.
Other major anti-spam blacklists also report being targeted in the DDoS attack.
Early in September, a week into the attacks, Osirusoft was forced to withdraw its popular free service after the company and its Internet service provider (ISP) were overwhelmed by the attack. SpamCop, another popular service, was also temporarily shut down.
Osirusoft had offered a popular blacklisting service run by an anonymous organisation called SPEWS, the spam prevention early warning system. SPEWS is one of the biggest and most popular anti-spam services due to its aggressive approach.
Since it was founded in 2000, it has become a particular bête noire among spammers because of its effectiveness. ISPs that fail to take action against spammers operating on their network, whether spamming or hosting ‘spamvertised’ web sites, have their listings escalated. As a result, a wider and wider range of customers are affected.
While harsh on innocent users caught in the middle, the organisation’s policy has forced lackadaisical and previously spam-supporting ISPs to clean up their act, forcing spammers off-shore. Favourite destinations include Argentina, Brazil and China.
Its effectiveness has also made it extremely popular.
What has angered many blacklist operators has been the lack of action from US law enforcement agencies, which would normally work themselves into a frenzy if such an attack were targeted at big-name organisations, such as Amazon.com or Yahoo.
And the attack is certainly highly sophisticated, admitted Ron Guilmette, the operator of the Monkeys.com blacklist. He said that he had “underestimated both the enemy’s level of sophistication and also the enemy’s level of brute malevolence”.
He believes that the attackers have deployed a network of some 10,000 compromised machines in their attacks.
In addition to the lack of interest of the FBI, he also blames the major US ISPs for failing to do anything about the attack, despite being in a position to take action because of their control of the US’ Internet backbone.
Compu-Net’s Larson said his company had been forced to withdraw its service after being ‘Joe-jobbed’ by a spammer. This is where a false return address is given in the spam, producing a flood of bounces back to the victim’s mail server.