DATE:
2006-05
AFFECTED COUNTRIES:
Israel, USA
AFFECTED SITES:
bluesecurity.com (primary target), typepad.com, livejournal.com, sixapart.com, and tucows.com-related sites
EFFECT OF ATTACKS:
Six Apart et al. unreachable for at least 8 hours; Tucows services unreachable for 12 hours; BlueSecurity.com unreachable for an extended period, after which it shut down its website permanently.
SOURCE COUNTRY:
n/a
ALLEGED ATTACKERS:
"PharmaMaster", whom Spamhaus links to Christopher J. Brown / Swank AKA Dollar, Joshua Burch / zMACK of Interactive Adult Solutions / BulkEmailSchool.com, Leo Kuvayev / BadCow, and Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov -- all spammers, etc.
TYPE OF ATTACK:
DDoS
ATTACK SPECIFICS:
2Gb-10Gb/second
EVENT DESCRIPTION:
The company that created Blue Frog, a service enabling users to opt out of spam by effectively spamming the spammers, was attacked, and its users were spammed more heavily with, among other things, accusations that they were using an illegal service and thus were criminals. The owner received an ICQ message from PharmaMaster, who notified him that a high-level ISP would start blocking the site, which then happened. At that point the DDoS started. When the site redirected traffic to its blog to get around the backbone filtering, the blog host, Six Apart, along with its sites LiveJournal and TypePad, crashed as well. When Six Apart successfully defended itself, the attack shifted to BlueSecurity's host, Tucows, which eventually had to remove BlueSecurity's DNS records from its server without even providing notification, in contrast to Six Apart, which never took the blog down. The final step was to take BlueSecurity's paying-customer data (clients that pay the company to protect their servers) and subject those customers to large attacks themselves. When the attack stopped and BlueSecurity got a message from the hacker that more would come, it decided to close up shop given the collateral damage.
URLS:
1. http://www.securityfocus.com/news/11392
2. http://www.securityfocus.com/brief/203
3. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK551
4. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6643
5. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932
6. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6138