BlueSecurity Database Compromised?

EElyn writes "Numerous users of Blue Security's anti-spam system now report of a new form of aggressive spam. An unknown group of spammers claim to have derived a way to extract the member email addresses of Blue Security group's anti-spam system, called Blue Frog. Blue Frog, a small tool which once installed on the user's computer, enables Blue Security to systematically flood a known spammer's website with opt-out messages; much to the headache of the spammer. Tens of thousands of users have already signed up, so can it really be true that spammers now possess this database? Or is this yet another frail attempt by spammers to intimidate the user?" Another reader sent the text of the letter; read more to see.

Stray1 writes ""You are recieving this email because you are a member of BlueSecurity...." An email from unknown detractors has taken the Bluesecurity anti spam lists and decided to take matters into their own hands. I recieved this Email from an anonymous, and garbled host, which went on to say in not so fantastic english that I, as a Blusecurity member, would recieve this and many more (about 20 -30) spam messages a day until I left the blue security community. Blue Security, (www.bluesecurity.com)a website and community designed to lessen your Spam Email, is down for the moment. Is this what we have come to? Spam,(erm 'high volume email') companys holding your address hostage until you comply? "...We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user". I have to say, up until this point, my spam was down by about 70% to 80%."

I'd call the bluff

If they're able to do so, what will stop them from *not* spamming you in the future anyway? Their ethics, integrity or your stupidity?

What I received

[Carny+Trash]

Here's what I was sent:

"Hey,
You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).

You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.

How do you make it stop?

Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again.

We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.

Why are we doing this?

Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.

Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.

If BlueSecurity decides to play fair, we will do the same.

We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.

If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough.

We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user.

You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..

Just remove yourself from BlueSecurity, and make it easier on you.

Sal Webber"

Re:Eye for an Eye?

[ScentCone]

When will the world learn, violence begets violence and spam begets spam. Lets find a real solution to the problem rahter then a vigalante justice.

Actually, I've found that things some people think are unfortunate or bad beget shallow, empty platitudes.

Sometimes, violence simply ends violence, because there is no other way. Sometimes, fighting fire with fire is the best way. Sometimes showing someone what it's like to suffer the consequences of their own actions actually changes their behavior.

I'm all for as many technical approaches as possible, but finding "a real solution to the problem" that doesn't involve some degree of making this painful/costly for the spammers simply isn't going to work. Even if, through filtering, you can get 99% of the stuff blocked, all they have to do is increase the volume that much more to make that remaining 1% still pay off. Remember, they're not paying for their own overhead most of the time.

Your "real solution" comment, in the context of "violence only begets violence" is completely tone deaf. You're applying Israeli-Palestinian-conflict-type babble to a completely different situation. The spammers are not oppressed, or the victims of some historical violent wrong... they're a parasitic, bandwidth sucking plague. Any means by which we can stop them is called for. Surely you don't think that you're going to just turn the other Bayesian Filter Cheek, or write a Korea-bound, thought-provoking appeal to integrity and expect the onslaught to stop? Tempting as it is, no one is suggesting actual violence - just a substantial response in kind, only when provoked. It's called self defense, and it's an appropriate measure because it only happens when an illegal spammer causes it to happen.

How fortunate for you that you've never had anything violent threaten you, requiring you to offer up a physical deterrent to stop it. If you had, you might rethink your metaphors.

Blue security must be working

[paladinwannabe2]

If BlueSecurity wasn't hurting Spammers they would ignore it. If they are fighting back it must mean that BlueSecurity is actually doing damage to them.

They don't have the database!

[drosoph]

From what I am seeing, I am now receiving 1,000s of these stupid "Because you are using the BlueSecurity Software ...." emails .... but they are all being directed to Mike, Jan, Cindy, Lucy, Bobby, and Greg@mydomain.com .... They are NOT directed to MY email address. These addresses that they are using were ONCE entered by an ignorant relative of my onto one of those online greeting card sites, (even mispelled) and those are the addresses that are being spammed. Since I ALSO registered my DOMAIN with BlueSecurity, I would ponder to guess that the spammers are using the domain list, matching it up to ANY email they have in their spam database with that domain and spamming the heck out of it. They HAVE NOT, I repeat, HAVE NOT hit ANY of my REGISTERED email addresses with BlueSecurity. They are only hitting random crap email addresses on my domain. They're shooting in the dark, they're angry, and they're running scared ... and I hope that you all keep up the good work!

Re:So, is the database compromised? No.

[MrNougat]

Comments on BlueSecurity forums last night demonstrate that users with multiple protected addresses are getting these attack spams to some, but not all, of the protected addresses.

What's lkely happening: Spammer has a mailing list. Spammer uses BlueSecurity's "cleanlist" tool to clean registered addresses from his mailing list. Compare original list to cleaned list - email addresses that are in the first but not the second are BlueSecurity registered.

By this logic, email addresses that the spammer does not already have are not made available to the spammer in any way via BlueSecurity's own list. Delivery patterns of the attack spams support this observation.

I'll also note that Gmail's own spam filters are already capturing all of these attack spams; I only got two in my mailbox this morning, about 50 more were filtered.

This is the first time I'm aware of that a spam prevention service has worked so well that it's got a spammer pissed off enough to lash out. BlueSecurity++

Re:What must be done

[macdaddy]

I used to be a big anti-spammer, back when I had time on my hands. I generated a list of proper-pronouns that was somewhere just over 500k long (I forget the exact #s now). I wrote a number of scripts that used wget and curl (depending on the form) to stuff addresses generated from the pronoun list and about a dozen spam-hole domains I registered into those Remove Me forms. Within hours I was getting tens of thousands of pieces of spam. Within days my Cox cable connection was saturated. I offloaded it onto a co-lo box for another couple of months before I finally changed the MXs to 127.0.0.1 and shut the system down. I had automated scripts for auto-forwarding a copy of the spam to the FTC and to post the messages to NANAS (news.admin.net-abuse.sightings). I also archived the incoming spam and used it to seed my Bayesian filters and DCC system for the ISP I worked for. I can't begin to tell you how effective that was. It was a helluva rig. I wish I still had time to dick around with that kind of stuff.