[ISN] I'm the Blue Security Spammer

From: InfoSec News (isn@private)
Date: Tue May 09 2006 - 23:10:02 PDT


By Joanna Glasner
May 05, 2006

An anonymous spammer took credit on Friday for taking part in a
campaign by hundreds of junk e-mailers to disable the websites of
antispam firm Blue Security and affiliated internet companies.

In a message to Wired News, a writer claiming to be "one of the
spammers behind (the) Blue Security scandal," said junk e-mailers have
organized to collect all e-mail addresses of Blue Security's users.  
The writer claimed that spammers have collected e-mails of 70 to 90
percent of Blue Security's half-million registered users and sent
messages to their inboxes.

"Blue Security is indeed hurting our business, but not by taking down
our websites," the purported spammer wrote. "Instead, they create a
daily nuisance to our server administrators."

Officials at Blue Security, based in Herzlia, Israel, could not be
reached Friday to comment on the letter's authenticity. A
representative of Blue Security's public relations firm, Affect
Strategies in New York, said she and co-workers who use its software
have not received similar messages.

Earlier this week, Blue Security's CEO, Eran Reshef, said a Russian
spammer operating under the name PharmaMaster orchestrated a string of
attacks this week that disabled its site and sent threatening messages
to its users.

The spammer, Blue Security said, also took credit for launching denial
of service attacks against five hosting providers and SixApart, one of
the internet's largest blog networks, where the antispam firm had
posted content.

Blue Security appears to have drawn spammers' ire for its method of
eliminating junk e-mail, which involves sending automated opt-out
requests on behalf of its registered users to companies whose products
are advertised by spammers, among other things. The company claims its
methods comply with the U.S. CAN-SPAM Act, an antispam law that allows
recipients of unwanted e-mail to opt out of e-mail lists. Only one
opt-out request is allowed per spam received. But Blue Security
effectively has been able to put the squeeze on spammers by
coordinating legal opt-out requests from thousands of customers at

In the message to Wired News, the self-described Russian spammer said
"attacks" sent by computers running Blue Frog, the tool installed on
users' computers to send automated opt-out requests, are easy to
handle, but time-consuming.

"The point of it is to get Blue Frog software to stop turning its
subscribers' computers into zombies that attack our servers," the
spammer wrote. "If you want to be removed from our mailing list,
please opt out first."

John Levine, a board member of the Coalition Against Unsolicited
Commercial Email, said that while it's not clear the letter's author
is who they claim to be, a spammer could realistically gather Blue
Security's users' e-mail addresses.

"The problem with any antispam list is you can reverse engineer it,"  
Levine said. "People can find out who's on the list."

Blue Security's website was operating normally on Friday, after being
inaccessible most of the week. Reshef said on Thursday the attack
appeared to involve a breach of the internet's backbone that blocked
incoming traffic to the site.

However, Todd Underwood, chief operations and security officer at
internet routing analysis firm Renesys, said the site's
inaccessibility seemed to result from a traditional denial of service
attack, in which an attacker floods a target with incoming packets of

In response to DoS attacks, ISPs commonly block all incoming traffic
to a site, but they usually notify its operators first, he said.
