Source: SecurityLabs
Eran Reshef once had an idea (which he thought would succeed) in the fight against spam: Using spam to combat spam. But today, Eran has officially surrendered.
Reshef’s company, located in Silicon Valley, is called Blue Security. Initially, Blue Security merely called on spammers to stop sending spam to their customers.
Of course, these calls were always ignored. Frustrated, Blue Security decided to launch an offensive: bombarding spammers with requests from all 522,000 of their customers at once.
Flooded with a stream of data comparable to a DDoS attack, the spammers could no longer send emails to any other victims. They suffered heavy losses, and some well-known spammers had to “surrender” and accept Blue Security’s initial call to stop sending spam.
When Spammers Strike Back
However, in early May, a spammer from Russia retaliated. Using thousands of hijacked computers (zombie computers), this spammer overwhelmed Blue Security with a massive influx of access requests.
Users could not access Bluesecurity.com and many other sites. This spammer even left a message: Stop operations immediately, or Blue Security’s customers would become targets of virus attacks.
Helpless and unable to recover, Reshef will wave the white flag today (virtually, of course) and surrender. His company will close its doors this morning, and the Blue Security website will announce this to all customers.
“Retreating is the only thing we can do to prevent a large-scale cyber war from occurring,” Reshef said sadly.
A Disappointing Step Back
Observers believe that this event marks a disappointing step back in the battle against spam for users, businesses, and security forces. According to security firm Symantec, over 50% of all emails sent in the second half of 2005 were advertisements for drugs, pornography, and get-rich-quick schemes.
Alan Paller, research director at the SANS Institute, noted that “intimidation” and “punishment” attacks by spammers have surged in recent years.
In Blue Security’s case, the attacker demanded that the company stop interfering with their “multi-million dollar” business. But this is just one of many such “settlements.”
The Russian spammer’s counterattack generated such a massive amount of data that it not only crashed Blue Security but also affected many other sites, including Six Apart, which operates millions of sub-sites through TypePad and LiveJournal blogging services.
Additionally, all operations of Tucows, a Canadian ISP that helps manage Blue Security’s site, had to be temporarily halted for 12 hours.
Forever a Grasshopper in the Path of a Stone?
The CEO of Tucows described the attack as “unprecedented in the company’s history,” and the number of companies with infrastructure capable of withstanding such an attack can be counted on one hand.
Investors commented that the Blue Security event was “not surprising but very unfortunate.” The “Use Spam to Fight Spam” initiative of Blue Security had attracted significant investor attention in 2004, when it raised up to $4 million in funding.
However, all it has proven once again is: Spammers always win, while the little soldiers always suffer tragic defeats, without any fanfare.
Tian Yi