Slashdot Mirror
BlueSecurity Database Compromised?
Stray1 writes ""You are recieving this email because you are a member of BlueSecurity...." An email from unknown detractors has taken the Bluesecurity anti spam lists and decided to take matters into their own hands. I recieved this Email from an anonymous, and garbled host, which went on to say in not so fantastic english that I, as a Blusecurity member, would recieve this and many more (about 20 -30) spam messages a day until I left the blue security community. Blue Security, (www.bluesecurity.com)a website and community designed to lessen your Spam Email, is down for the moment. Is this what we have come to? Spam,(erm 'high volume email') companys holding your address hostage until you comply? "...We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user". I have to say, up until this point, my spam was down by about 70% to 80%."
Below is an email that I received, which pretty much confirms that they have been hacked.
----
You are being emailed because you are a user of BlueSecurity's well-known software "BlueFrog." http://www.bluesecurity.com/
Today, the BlueSecurity database became known to the worst spammers worldwide. Within 48 hours, the database will be published on the Internet, and your email address will be open to them all. After this, you will see the spam sent to your mailbox increase 10 - 20 fold.
BlueSecurity was illegally attacking email marketers, and doing so with your help. Many websites have been targeted and hit, including non-spam sites. BlueSecurity's software has been fully analyzed, and contains an abundance of malicious code. This includes: ability to send mass mail to users; the ability to attack websites with Distributed Denial of Service attack (DDoS); the ability to open hidden doors on any machine on which it is running; and a hidden auto-update code function, which can install anything on your computer and open it up to anyone.
BlueSecurity lists a USA address as their place of business, whereas their main office is in Tel Aviv. BlueSecurity is run by a few Russian-born Jews, who have previously been spamming themselves. When all is said and done, they will be able to run, hide and change their identities, leaving you to take the fall. YOU CANNOT PARTICIPATE IN ILLEGAL ACTIVITIES and expect to get away with it. This email ensures that you are well aware of the situation. Soon, you will be found guilty of computer crimes such as DDOS attacking of websites, conspiracy, and sending mass unsolicited bulk email messages for everything from viagra to porn, as long as you continue to run BlueFrog.
They do not take money for downloading their software, they do not take money for removing emails from their lists, and they have no visible revenue stream. What they DO have is 500,000 computers sitting there awaiting their next command. What are they doing now?
1. Using your computer to send spam ?
2. Using your computer to attack competitor websites?
3. Phishing through your files for your identity and banking information?
If you think you can merely change your email address and be safe while still running BlueFrog, you are in for a big surprise. This is just the beginning...
A community-oriented lyrics site
I am a victim of the blackmail letter as well. It's easy to figure out how the spammers got my email address, they already had it. They simply backed up their address book, cleaned their list with Blue Security's tool, then "diffed" the database to figure out who was BlueSecurity member.
Another note, BlueSecurity is not Slashdotted. It is unavailable because of a DDoS attack started sometime earlier this week. The attack started submitting invalid PHP requests, making the site slow to a crawl and at times be completely unavailable.
I write about it on my blog. More on the attack here. The threating letter I received is also on my Slashdot journal.
http://www.straightdope.com/classics/a2_356.html
'According to rule 917.243(b) in the Domestic Mail Manual, when a business reply card is "improperly used as a label"--e.g., when it's affixed to a brick--the item so labeled may be treated as "waste." That means the post office can heave it into the trash without further ado.'
No, they don't. And no, they won't.
To quote:
'According to rule 717.243(b) in the Domestic Mail Manual, when a business reply card is "improperly used as a label" -- e.g., when it's affixed to a brick - the item so labeled may be treated as "waste."'
That would be awesome, but unfortunately it doesn't work.
I'll bet this spammer already has your e-mail address from some other source. He checks it against the Bluesecurity DB, and if it's a positive match, he sends you the Bluesecurity-targeted spam. Since there is no web site associated with these messages (because he's not selling anything), he does not suffer any consequences for these particular messages.
This was sent out on an anti-spam list this morning:
p
http://www.bluesecurity.com/Announcements/spam.as
"A major spammer had started spamming our members with discouraging
messages in an attempt to demoralize our community. This spammer is
using mailing lists he already owns that may contain addresses of
some community members.
"We have also received complaints from users about spam allegedly
sent from Blue Security promoting our anti-spam solution and our web
site. This is yet another tactic used by some spammers in an attempt
to slander us by sending unsolicited email forged to appear as if it
was sent from Blue Security. Blue Security is an anti-spam company
determined to fight spam and as such never has and never will send
unsolicited email.
"Our answer to those criminals should be one - we will not be
discouraged; We will continue to exercise our right to opt-out of
spam.
From what I am seeing, I am now receiving 1,000s of these stupid "Because you are using the BlueSecurity Software ...." emails .... but they are all being directed to Mike, Jan, Cindy, Lucy, Bobby, and Greg@mydomain.com .... They are NOT directed to MY email address. These addresses that they are using were ONCE entered by an ignorant relative of my onto one of those online greeting card sites, (even mispelled) and those are the addresses that are being spammed. Since I ALSO registered my DOMAIN with BlueSecurity, I would ponder to guess that the spammers are using the domain list, matching it up to ANY email they have in their spam database with that domain and spamming the heck out of it. They HAVE NOT, I repeat, HAVE NOT hit ANY of my REGISTERED email addresses with BlueSecurity. They are only hitting random crap email addresses on my domain. They're shooting in the dark, they're angry, and they're running scared ... and I hope that you all keep up the good work!
Actually, an "Eye for an eye" is a good strategy in a game-theory sense, and it may be the basis for all cooperative behavior. If you doubt this, simply Google "tit-for-tat" and "game theory."
Comments on BlueSecurity forums last night demonstrate that users with multiple protected addresses are getting these attack spams to some, but not all, of the protected addresses.
What's lkely happening: Spammer has a mailing list. Spammer uses BlueSecurity's "cleanlist" tool to clean registered addresses from his mailing list. Compare original list to cleaned list - email addresses that are in the first but not the second are BlueSecurity registered.
By this logic, email addresses that the spammer does not already have are not made available to the spammer in any way via BlueSecurity's own list. Delivery patterns of the attack spams support this observation.
I'll also note that Gmail's own spam filters are already capturing all of these attack spams; I only got two in my mailbox this morning, about 50 more were filtered.
This is the first time I'm aware of that a spam prevention service has worked so well that it's got a spammer pissed off enough to lash out. BlueSecurity++
Web 2.0 == Giant Blogspam Circle Jerk
Blue Security sends an ANONYMOUS request to the spammer and give him instructions to download SOFTWARE that will clean up their e-mail lists. What it does is hashing each e-mail and checking the database.
This way, no e-mail address is being released to the spammers. They could as well diff the lists to see which addresses were removed, but they won't get NEW e-mail addresses that way.
According to this article BlueSecurity is the target of a DoS attack.
Also, here's their explanation of the spammer's countermeasure:
Makes sense to me, and explains why only BlueSecurity users are getting the emails.
What many spammers already understand, including the criminal who is now threathening Blue Security's users and trying to DDoS their website, is that this is a new era in the fight against spam - and for the first time, spammers know they are losing the fight.
2 7188.html (download.com)
This is not just another passive mesure tryig to keep spam away; Blue Security's solution undermines the economy spammers rely on, the economy that motivates them to send billions of unsolicited messages. They know they will have to adapt to this new reality - some will comply now (Blue Security claims top spammers already comply) and others will try to put up a fight before understanding they have no other choice but to stop spamming the users that are willing to stand up for their rights and do something to fight spam.
I call all Internet users with any sense of responsibility for the future of the Internet to join the ranks of the Blue Community and make sure that spammers realize that common sense and justice will prevail.
Blue Frog can be downloaded from Blue Security's site or from major download sites such as download.com.
Do the right thing - join the fight now!
-- A proud member of the Blue Community
http://www.bluesecurity.com/register
http://download.bluesecurity.com/BlueFrog
http://www.download.com/Blue-Frog/3000-2092_4-105
It looks like the spammers might have forgotten who they were messing with. They were essentially flooding a number of users of which a high percentage actually report their spam. Could it be that the sudden drop of their FUD spam e-mails to 0 over the last 6 hours be due to this mass reporting? In particular, to SpamCop.
Yah, Checking if a website is up by digging through slashdot comments is about the easiest way to do it.
I just got the following NDR email (which GMail flagged as spam, but I read anyway). Looks like the pissy spammer is using email addresses from his list in the From field, and generating false spam for BlueSecurity.
.EXE here: http:/// www.bluesecurity.com/ blue-frog/
I have deleted contact information at the end, for the sanity of those involved.
Begin
Subject: FW:Automaticly send 1000s of DDOS complaints for each spam you recieve
The trackback URL for this blog entry is:
http://community.bluesecurity.com/
Bringing spammers to Their Knees:
Bluesecurity.com hopes you'll join thousands of others in an army capable
of crippling spammers' Web sites.
A few thousand spammers have ruined our internet. They've clogged our
mailboxes with filth. Already, 90% of email traffic is made up of
spam. Let us no longer blind ourselves to the irrefutable facts:
current measures have failed to stop spammers. The experience of the
past several years has proven that passive measures are just not the
answer.
Retribution is the only real answer to spam. We must punish spammers
ourselves to prevent them from taking over cyberspace. We must reclaim
our territory. We need direct action to eliminate spammers for good.
The magnitude of the task which lies before us is great. We are fighting
for the future of the Internet. What we need to do now is get as many
users as possible into our community. We already have a botnet with
hundreds of thousands of computers working together to induce commercial
loss on spammers and their ISPs. We have launched numerous
Denial-of-Service Attacks on Chinese spam networks with great success,
and plan many more!
We have excellent financiers who allow us continued success with our botnet
growth and Denial-of-Service Attacks. We thank the government agencies
involved
for their continued cooperation. We thank our leader, Eran Reshef,
for continued strategies of DoS attack operations. Also, US-based Rembrandt
Ventures & Skybox Security for their extensive funding & continued support.
And a
very special thanks to Douglas Schrier who has helped our botnet come to
life.
If you haven't signed up with the registry and installed a blue frog yet,
please sign up now.
If your friends have not yet joined us, we will convince them to do so.
Let's stop filtering spam and start eliminating spammers.
Together, we will reclaim the Internet, One ddos at a time.
Please Contact Us for any questions on signup via the following info:
address and phone deleted
Israel HQ: address and phone deleted
Current and potential investor relations:
Rembrandt Venture Partners address and phone deleted
Fight back spam! Join our Botnet today.
Download our
Web 2.0 == Giant Blogspam Circle Jerk
It just depends on how good your bayes filter is. I agree though that it was much more effective back in the day. Now things like the SURBL are essential. Spammers have to make money some how. To make money they have to get you to buy one of the contract company's products. To get you to buy one of their products/services they have to get you to their website. That's where you nail them. No matter how well they obfuscate the URL you can always figure out what site they're trying to spamertise. Then you just use that as your qualifier for identifying spam. The SURBL is nice.