[ISN] Phish fighters floored by DDoS assault

From: InfoSec News (alerts@private)
Date: Tue Feb 20 2007 - 22:30:06 PST


http://www.theregister.co.uk/2007/02/20/castlecops_ddos/

By John Leyden
20th February 2007

Castlecops, the volunteer security community that runs a well-known 
phishing website investigation service, has been hit by a denial of 
service attack.

The latest phase in an ongoing botnet powered onslaught that began on 13 
February rendered the site largely inaccessible on Monday (19 February).

By Tuesday, the website returned albeit without the restoration of all 
its services. "We're under a DDoS, but we will prevail. Good shall 
overcome," Castlecops's principal Paul Laudanski said on a posting on 
the site's website.

Founded five years ago, CastleCops is best known for its Phish Incident 
Reporting and Termination (PIRT) taskforce. Surfers are able to report 
fraudulent sites to Castlecops volunteers, who investigate these 
reports. Castlecops volunteers do the leg work and carry out the 
sometimes tricky process of having bogus sites removed from the 
internet. The organisation also assists in educating users about malware 
risks.

The motives of the attack are unclear, though it's reasonable to assume 
the phishing fraudsters or malware authors, who have most to gain from 
the inavailability of Castecop's website, are the likely perpetrators.

Castlecops has become the latest target in a string of attacks targeting 
organisations looking to frustrate the efforts of phishing fraudsters, 
spammers, or other internet pond life.

Veteran spam fighter Spamhaus suffered a denial of service attack last 
September, for example, while an attack by a rogue spammer brought down 
anti-spam firm Blue Security in April 2006.

According to Blue Security, a renegade Russian language speaking spammer 
known as PharmaMaster succeeded in bribing a staff member at a top-tier 
ISP into black-holing Blue Security's former IP address at internet 
backbone routers. 


______________________________________
Subscribe to the InfoSec News RSS Feed
http://www.infosecnews.org/isn.rss



This archive was generated by hypermail 2.1.3 : Tue Feb 20 2007 - 22:50:34 PST