BlackFrog to Take up BlueFrog's Flag

Runefox writes "ZDNet UK has a story about a new SPAM defense mechanism called BlackFrog, a response to the demise of Blue Security's BlueFrog. According to the article, the new service is based on a P2P network of clients, called the 'Frognet', which allows the opt-out service to continue functioning even after a server has gone down, making a DDoS attack like that which crippled BlueFrog ineffective against the new service."

Poisonous frogs?

[RingDev]

How long until some hacker poisons the peer system into spamming a legitimate site?

-Rick

seems insecure

[robinesque]

Sounds sort of insecure for a project like this to be openly editable to the public via a wiki and p2p network.

OMG vigilantes

[giorgiofr]

I can imagine the slew of whiners who will complain about such a vigilante approach to this problem.
Well, remember Firefox, "We're taking back the web"? That's exactly what we're doing here. It's the only strategy that's going to work. Bitching and moaning won't get you a clean mailbox. Taking spammers down will.
If you disagree with fighting fire with fire, I suggest you also criticize any and all law enforcement activities. They're simply state-sponsored vigilantes.

Automatically clicks Unsubscribe links in Spam?

[Robmonster]

From their wiki:-

Okopipi will automatically click the "opt-out" or "unsubscribe" links contained within the emails and/or report the spam to the appropriate authorities.

I thought that it was generally a bad idea to click unsub or opt-out links in Spam messages since it only server to prove they have a valid email address and the receipient actually reads Spam messages.

Re:Blue Security's reason for shutting down

[mikael_j]

You're getting things mixed up, I think most users were quite willing to get involved in the cyber-war, the problem was that the company didn't have the resources to fight it.

I'll probably sign up for this blackfrog thing once I've checked it out. In fact, I'd probably consider giving money to someone collecting money to pay someone else to beat the shit out of the world's top spammers. I'm serious, they're scum..

/Mikael

Before comparing to DDOS, or botnets. Be informed

[mybootorg]

Ok folks, let get a few things straight.

Blue Frog was NOT effective not as a denial of service attack or distributed denial of service attack. It was never meant or designed to be. The Russian spammer said it himself - they never brought down our servers, they only served as "a daily nuisance". The nuisance was this: for every spam that the spammer sent to the some 500,000 Blue Frog members, an automated script (bot) visited the website advertised and filled out the form for snakeoil, home refinancing -- whatever was being hawked. But instead of filling it in with valid input from someone interested in what the website was hawking, it filled it in with a legitimate plea from a single person to Opt-out of being spammed further. With me so far?

The spammer -- or worse, the spammer's client -- in turn, goes to check on their database of people or leads to which they can hawk their snakeoil and generic viagra and low and behold, instead of being filled with legitimate contacts of people they can do business with -- it's filled with hundreds upon thousands of opt-out requests.

Undoubtedly there are real requests from potential business contacts in there. But first they have to filter out all the opt-out requests that Blue Frog has submitted.

Sound familiar? It sure does. It's what we've been putting up with for years. We open our Inbox and instead of seeing email from friends and business associates, we first have to sift through and filter a few gazillion pieces of spam -- each with "Hi How are you?" and "Important Account Information" fake titles. Only then can we get down to the email that's actually sent to us. It's a nuisance.

Blue Frog forced spammers to deal with the SAME NUISANCE they cause us. And the spammers didn't care for it too much. They don't care about opt-out requests, the Internet, what people think of them, possible prosecution --- all they care about is making money and they're making it by the truckload. The fact that Blue Frog actually bothered them enough to use their botnets to attack is VERY encouraging. It means we've found a way to kick them in the ass and make it hurt.

Please don't compare Blue Frog or Black Frog to a DDOS or DOS. As the Russian Spammer demonstrated with his attack, what little network disturbance Blue or Black Frog causes for the spammer or spammer client server pales in comparison to a real attack. Mainly because it isn't meant to be an attack in the first place.

If Black Frog ends up with 1,000,000 subscribers, then lets talk DDOS.

Re:Uhm... Okopipi

[Magee_MC]

Okopipi is a poisonous blue frog. Quite appropriate I think.

As to the fact that it isn't "marketable", who cares. Would anyone have thought google was marketable before they started? If the product is good enough, the market doesn't care about the name.

Re:Never trust the users

[sk8king]

>I think one method for this to work is for each suggested target be evaluated by each member. The >member has to agree that this is a valid target before his account participates in the attack.

With a certain threshold of participants required before the attack even takes place. If there are 100 members, perhaps 20 would need to agree on the item in question being spam. 15 wouldn't be enough to initiate a retaliatory opt-out.

I wonder how much of the "background" noise on the internet is this sort of crap floating around....DNS requests for viruses, port scanning for viruses, traffic in the form of spam, spam responses, systems to deal with spam....probably more than anyone realizes.