Weblogs: Spam
More spam blacklists buckle under DDos attack
Wednesday, September 24, 2003The repercussions of the SoBig virus are now abundantly clear. More zombie machines are attacking anti-spam blacklists forcing them to close down. Today, both Ronald Guilmette's Monkeys.org and Bill Larson's blackhole.compu.net have ceased to exist. OpenRBL are still under attack, as well as SpamCop and SpamHaus.
Mindless zombie computers
Thousands upon thousands of zombie machines are flooding targeted blacklists with massive amounts of traffic in a Distributed Denial of Service (DDoS) attack. These zombie machines tend to be cable-modem PCs permanently connected to the net via major ISPs - their owners unaware of the damage their computers are causing.
It is no coincidence that these zombie machines are targeting a particular set of addresses - this is deliberate. The attackers have managed to infect thousands of personal computers with software that listens for their commands, and carries them out as ordered. It takes one person to issue the command, and those thousands of computers all wake up at the same time and flood the identified victim with more traffic it can handle.
And these floods typically last for days. This prevents the victim machines from doing their normal job - of answering queries about whether a piece of email originates from a blacklisted address.
What's more damaging is that bandwidth is not free, and since blacklists are operated by small companies and individuals, they cannot afford to sustain a flood of traffic of DDoS proportions over an extended time. So when the cash to cover the bandwidth runs out, the blacklists have no option but to disconnect from the Internet.
And then the commander of these zombie machine just directs his attention to the next target on his hit-list.
Who is behind these attacks?
Who gains most? Spammers certainly benefit from the disappearance of blacklists - they get to send more email to more people on their mailing lists. So the immediate repercussions of the loss of a blacklist is evident: a rise in the amount of spam being successfully delivered to its intended recipients. How much? At least as much as what these blacklists were effectively blocking - and that is an immediate increase.
Why don't the government or law enforcement agencies step in?
Very good question. The current understanding is that the damage being caused - forcing one server off line - is not high enough to consider an investigation. Small businesses go out of business all the time. Then again, there is a problem with jurisdiction, especially when traffic is flooding in from foreign countries.
Perhaps the biggest problem is what can the authorities actually do? When thousands upon thousands of machines are attacking one target, and these machines are on a thousand independant networks, where do they start? Which then brings in the question of determining who is behind these attacks. Unlike the RIAA, the anti-spam services can't afford the legal representation to approach such a large number of service providers with the same gusto.
Government action takes a long time to happen. Only today did California sign in its anti-spam legislation covering spam sent from and received by servers in their state - with possible fines in the region of a million dollars. That's one state in one country. Australia has recently implemented legislation that will fine spammers one million dollars a day for their activities. Certainly this starts to make inroads into reducing spam levels, but these inroads won't have much impact if the rest of the world doesn't enact similar legislation.
Other countries are offering spammers loop-holes. UK legislation, for instance, will ban the sending of spam to private individuals, but not to businesses and companies. Well, Freeserve is a business, so spamming Freeserve is legitimate (sucks to be me then). On a national level, the US is heading down the opt-out route, effectively giving spammers a free reign to spam everyone, and effectively opening up spamming as a legitimate method of communication to 23 million US businesses.
Steve Linford's prediction
Steve Linford's prediction of email meltdown within six months is still very much on track. We have about three months left to wait. Considering today's actions, I'm very much convinced of Steve's uncanny accuracy.
Related Reading
- PC World: SoBig may be working for spammers
- Register: Sobig linked to DDoS attacks on anti-spam sites
- CircleID: Moving Target: Spammer Using Over 1000 Home Computers as DNS
- Wired: No truce in the spam wars
- MSNBC: Spam block lists bombed to oblivion
- Boston.com: Saboteurs hit spam blockers
- silicon.com: Major victory in war on spam
- The Times of India: Spams may force e-mail users back to snail mail
- CNN: California governor signs nation's toughest anti-spam law
- TechNewsWorld: Spammers face tough penalties under new law
- Ananova: Spammers threatened with million dollar fines
- CNet: California spam law may face court challenge
- News.com.au: ADMA applauds [Australian] anti-spam law
- BBC: Anti-spam laws lack bite
- Guardian: Unlimited fines threatened for spam emails
- Register: UK Government fouls up anti-spam plans, say experts
- ZDNet[UK]: Government backs anti-spam mission to US
[ Weblog | Categories and feeds | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 ]