2 September 2003 Spammers have launched a major distributed denial of service attack (DDoS) against anti-spam organisations, in an action involving up to 100,000 compromised machines.
The attack, which started last week, has been so great that two popular free services provided by Osirusoft have been forced to shut down, while another popular service, SpamCop, was temporarily floored last week after its Internet service provider (ISP) was overwhelmed.
Spammers frequently using DDoS attacks to try and cripple their opponents in the anti-spam community, but the size and scale of the latest attack is unprecedented.
Joe Jared of Osirusoft said he was forced to take his service down last week after his servers were overwhelmed by a flood of data packets amounting to some 1 gigabit per second (gbps). His attempt to side-step the attack by changing to secondary IP addresses also failed.
According to Jared, the attacks have been running for several weeks. “I had to shut it down to protect my livelihood,” he told US cable television network MSNBC.
The shutdown affected many companies and ISPs that used Osirusoft’s services.
Osirusoft provided two main anti-spam tools. The first was a home-grown blacklist of IP addresses of open relay-configured mail servers. Spammers scan the Internet for open relays to send millions of spam emails anonymously.
The second was as a host of the popular Spam Prevention Early Warning System (SPEWS), an aggressive anti-spam blacklist that lists entire IP address blocks if the ISP does not take action against spammers identified in those blocks.
Many legitimate businesses can find their email servers also blacklisted because they share a ‘net block with a spammer. However, as a result of SPEWS’ action, ISPs have been forced to clean up their networks, to the chagrin of spammers who cannot even threaten it with legal action because of its owners resolutely guarded anonymity.
However, SPEWS will soon be up and running again after a number of other organisations came forward. One of these organisations is the US Treasury Department, which also includes the US secret services.