Slashdot Mirror


What Happened to Blue Security

shadowknot writes "Blue Security has published a detailed account of the attack on their servers perpetrated by spammer "PharmaMaster". The attack included a DDoS attack on the Blue Security operational system and a Black Hole filtering attack on the Blue Security website. From the article: "The first attack was to block worldwide access to Blue Security's corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called "Blackhole Filtering". The second attack was a DDoS attack on Blue Security's operational system."


  1. Re:Yup, this sucks. by ZachPruckowski · Score: 5, Informative

    Someone used their tool to clean a list, then compared the clean list to a "pre-scrub" list, which means they didn't gain any email addresses, they just learned something about the emails they already had been sending spam to.

    Don't quit Blue Security. My philosophy boils down to "millions for defense, not a penny for tribute" (Jefferson).

  2. Re:For the lazy :) by Anonymous Coward · Score: 5, Informative

    FFS, RTFA. They clearly say that they were blackholed (*NOT* under a DDoS attack) when they redirected their DNS record to point to their blog. It was only after 'PharmaMaster' realized that the record had changed that the DDoS was launched.

    PharmaMaster went forth with the DDoS with the full knowledge that he was going to hit Six Apart's servers. That was the entire point -- he wanted BlueSecurity off the net entirely and was willing to step on anyone to get it done.

    This was not malicious on BlueSecurity's part.

  3. Re:"operational system" by Da_Weasel · Score: 5, Informative

    During the DDoS and Blackhole filtering it was only operational in Israel. The rest of the world was cut off. There were also threatening emails sent to registered users. According to Blue Security their database was not compromised and the spammer was actually using his own email list to send these emails out. Since then I have been receiving 2-3 messages a day from the spammer which contain nothing but the DNS WHOIS record for bluesecurity.com. Here is a copy of the first message I received:

    "Hey, You are receiving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).

    You signed up because you were expecting to receive a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up receiving this message, or other nonsensical spams 20-40 times more than you would normally.

    How do you make it stop?

    Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you aren't there.. you won't get this again.

    We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

    By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop receiving this.

    Why are we doing this?

    It's simple, we don't want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity. Just remember one thing when you read this, we didn't do this to you, BlueSecurity did.

    If BlueSecurity decides to play fair, we will do the same.

    We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite surprised.

    If you have another email under the protection of bluesecurity, and have not received this there, do not worry, you will soon enough.

    We might've had your email addresses before in our lists, but now, we are targeting YOU, because YOU are a bluesecurity user.

    You might also notice, that the BlueSecurity site (http://www.bluesecurity.com) is down..

    Just remove yourself from BlueSecurity, and make it easier on you.

    Marta Tanner"

    --
    If you must!