
June 11th, 2007

Botnet assault: Spammers launch DDoS offensive

Posted by Ryan Naraine @ 9:52 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Passwords, Pen testing, Privacy, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Anti-spam, Spammer, Malware, Distributed Denial Of Service, Attack, Ryan Naraine

The spammers behind last year’s destruction of Blue Security are back with a vengeance, using a variant of the ‘Storm Worm’ malware to launch a sustained distributed denial-of-service attack against three anti-spam services.

The ongoing attacks, which use botnets of hijacked Windows computers, successfully shut down the Web servers that power the Spamhaus Project, URIBL (Realtime URI Blacklists) and SURBL (Spam URI Realtime Blocklists).

A note from Steve Linford of the Spamhaus Project explains the assault:

The attack is being carried out by the same people responsible for the BlueSecurity DDoS last year, using the Storm malware.

The attack method was sufficiently different to previous DDoS attacks on us that some of it got through our normal anti-DDoS defenses and halted our web servers.

At 02:00 GMT we got the attack under control and our web servers are now back up, www.spamhaus.org is running again as normal.

The attack is ongoing, but it’s being absorbed by anti-DDoS defenses. Also under attack by the same gang are SURBL and URIBL.

Storm is the ‘nightmare’ botnet, capable of taking out government facilities and causing much mayhem on the internet. It has 3 functions: sending spam, fast-flux web and DNS hosting mainly for stock scams, and DDoS. There is a hefty international effort underway by cyber-forensics teams in a joint effort by law enforcement and private sector botnet and malware analysts to trace the perpetrators.

The Storm Worm Trojan has been linked to similar attacks against anti-spam services, anti-rootkit software providers and even malware researchers.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



Most recent of 96 Talkback(s):
Just horrible
If only there was a way to track down the owners of this botnet, what a horrid waste of bandwidth. It's quite depressing to think that we have this massive power on the internet that can't currently b... (Read the rest)
Posted by: John Musbach. Posted on: 11/28/07