July 11, 2006

Spammers growing powerful through botnets

Category: Technology — by Amit Chaudhary @ 1:58 pm

I am learning of this a couple of months late, but it is worth reading anyway for the sheer impact of a botnet.

A spammer operating from Russia, using a mix of botnets for DDoS, social engineering and bribes, managed to bring down a startup that was having some success in tackling spam.

The background article on Blue Security and the spammer's retaliation, from The Register: Blue Security calls it quits after attack by renegade spammer

Anti-spam firm Blue Security is to scrap its spam-fighting effort after deciding its escalating conflict with a renegade spammer was placing the internet as a whole in jeopardy.

Blue Security established a ‘Do Not Intrude Registry’ (akin to the Do Not Call Registry for telemarketing) with around 450,000 members. Participants downloaded a small tool, called Blue Frog, which systematically floods the websites of spammers with opt-out messages. Depending on your point of view, this initiative can either be viewed as community action or vigilantism.

After Blue made configuration changes to point users towards its TypePad-hosted weblog, bluesecurity.blogs.com, PharmaMaster upped the ante by launching a massive denial of service attack against TypePad and any other organisation associated with Blue Security. The attack forced Six Apart, which runs TypePad and Live Journal, offline leaving the information superhighway temporarily bereft of the outpourings of numerous bloggers. The sophisticated attack also disrupted the net operations of five top-tier hosting providers in the US and Canada, as well as a major DNS provider for several hours.

Blue reckons PharmaMaster hired a botnet to launch the assault. During an ICQ conversation, PharmaMaster told Blue Security that if he can’t send spam, there will be no internet.

Here is the same news with some more details in Wired. Similar attacks happened against StormPay and the Million Dollar page, among others.
A survey, though by a company with an agenda, showed that 96% of UK ISPs mention the increase of botnets as a key business issue.

Background:

Botnets are zombie PCs that have been compromised through some security flaw, are controlled from a single system, and are available for spam, blackmail, identity theft and DDoS (Distributed Denial of Service) attacks like the one above. A botnet can have up to 1.5 million PCs.

Solution for a home user: A firewall and updated software.

Technical articles:

WindowsSecurity.com: How Botnets Work

Wikipedia: Denial-of-service attack

Using honeynets to learn more about Bots

2 Comments »

  1. Hello Amit,
    Interesting information. I guess we have terrorists on the internet
    - at last. Of course a different kind.

    Regards,
    Asang..

    Comment by Asang Dani — July 15, 2006 @ 10:24 pm
  2. It really surprised me too. Imagine the capability to bring down a whole set of sites.

    Amit

    Comment by Amit D. Chaudhary — July 16, 2006 @ 10:04 am
