Showing posts with label cybercrime. Show all posts
Showing posts with label cybercrime. Show all posts

Saturday, January 13, 2007

It's not just you

I've now heard about three several other anti-spam sites that were taken down by DDoS attacks yesterday. It seems that this was a coordinated attempt to sweep anti-spam projects off the Internet.

This shouldn't really come as a surprise. Back when Pharmamaster and Blue Security were fighting it out - Pharmamaster won - I wrote a post on spamnation.info that said:

Pharmamaster and his friends have shown their strength and demonstrated how far they are prepared to go to protect their spam business. Any other anti-spam initiative that seems to be effective could just as easily be next.


It's no fun to be right all the time.
Posted by at 5 comments:
Labels: , , , , ,

Friday, January 12, 2007

The DDoS Diaries

My (otherwise wonderful) girlfriend has one habit that drives me to distraction. From time to time she will say, in a thoughtful tone of voice, "So ...". I stop thinking about whatever I was thinking about and start paying attention, waiting for her to go on.

Nothing. Silence. She just leaves her "So ..." hanging there in mid-air.

You can do that to computers too. It forms the basis of a kind of attack known as a SYN flood attack, which is one variety of distributed denial of service (DDos) attack. The attacking computers send a SYN(chronize) signal to the target, which responds with the computer equivalent of "Uh-huh" and waits for a reply to complete the connection. The reply never comes. Instead, the attacker sends more SYN signals. Or 'attackers', because there are usually very many of them. If enough attacking machines hit the target together, the target will almost inevitably go down.

Today, a distributed denial of service attack took down the anti-spam information website spamnation.info. The site was almost certainly attacked because it published information that was intended to help victims of spam. This included a regularly-updated database of spam-advertised stocks, a list of 'frequently-asked questions' about stock spam, a database of domains advertised by spam and other miscellaneous information. Apparently this displeased certain people to the point that they used a botnet to knock the site offline.

The identity of the attackers is unknown. Perhaps the most likely candidates are the spammers behind the recent wave of spam advertising penny stocks that has been flooding everyone's inboxes. The senders of this type of spam are known to use botnets to distribute their material, and they are suspected to have links to a spammer known as Pharmamaster who was allegedly responsible for taking down the Israeli company Blue Security with a sustained DDoS attack. However, there are plenty of other possibilities as well: I'd recently written on the site about the networks of spammers promoting 'mainstream' companies in the United States, and the site also contained a good deal of information about presumed Russian scammers operating 'money transfer' scams. None of these people are particularly eager to have their activities discussed in public.

I'm the webmaster of spamnation.info. I'm starting this site as a temporary alternative while I decide whether I can put the site back online and, if so, how. I'd welcome comments, reactions, and anything else - except more spam.
Posted by at 5 comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)