http://www.wired.com/news/technology/internet/0,70798-0.html

By Joanna Glasner
May 02, 2006

An unusual spam war has erupted on the net, pitting an apparently irate spammer against an Israeli antispam firm that claims it's making junk e-mailers think twice about bugging its customers.

Blue Security's controversial method uses reverse spam, if you will, returning massive quantities of opt-out messages to companies it identifies as spammers. Apparently the companies on the receiving end don't like it one bit.

In an escalation of hostilities this week, Blue Security customers began receiving thousands of messages demanding that members either drop the company's service or continue to receive an avalanche of unwanted e-mails. In addition, U.S. internet users were unable to access Blue Security's website Tuesday. The company said it is still investigating the cause, which may have been a distributed denial of service attack.

"We have devised a method to retrieve your address from their database," one message states. "So by signing up and remaining a Blue Security user not only are you opening yourself up for this, you are also potentially verifying your e-mail address through them to even more spammers."

Blue Security's founder and CEO, Eran Reshef, called the spammer's allegations of a security hole a baseless scare tactic. Bulk e-mailers, he said, want to stifle the spread of Blue Frog, a tool that customers install on their computers that automatically floods spammers with opt-out messages.

"The best way to combat this is to continue running the Blue Frog," Reshef said.

The spammer's counteroffensive comes as Blue Security, a 2-year-old firm based in Israel, claims to be making dramatic progress in stopping spam. Three weeks ago, Blue Security said, the world's top junk mailer, responsible for about 9 percent of all spam, stopped sending messages to inboxes of its half-million registered users.
On Monday, the company said, the second-largest spammer started contacting its affiliates and advising them not to contact Blue Frog users.

Blue Security's controversial spam-fighting approach is modeled as a sort of e-mail version of the Federal Communications Commission's national Do Not Call registry. Through its "Do Not Intrude Registry," users send automated messages opting out of future mailings from spammers, a right spelled out in the Can-Spam Act.

Not everyone is sold on the concept. Critics of Blue Security's methodology say that by maintaining a list of people who don't want spam, the company makes users vulnerable to the kind of attack that occurred this week.

"The bad guys will be able to figure out who's on the list, and they'll be able to play games like this," said John Levine, a board member of the Coalition Against Unsolicited Commercial Email. "It's the obvious counterattack of an annoyed spammer."