Antispam service provider Blue Security shored up its defenses on Friday after a massive denial-of-service attack made the company's Web site and service inaccessible for more than three days. Blog hosting service Six Apart and registrar Tucows had fully recovered from collateral effects of the attack, which had caused hours of outages at the two companies.
The series of attacks started with a spammer inundating customers that had signed up with Blue Security's Blue Frog service. A top-10 spammer, known as "PharmaMaster," had claimed responsibility for the attack, according to a statement published on Thursday by Blue Security. Following the attack, the spammer was able to get a network administrator to make a change at the backbone level which made the Internet address of Blue Security's main Web site unreachable, the company claimed. When the Israeli company changed its domain-name service record to forward visitors to a former blog site hosted on Six Apart's service, the spammer followed with a massive distributed denial-of-service attack, the companies said in separate statements.
"Thirty minutes after Blue closed its Israeli site and posted a note on its blog site, PharmaMaster ruthlessly ordered a massive, sophisticated DDoS attack against any site associated with Blue," Eran Reshef, CEO of Blue Security, said in his company's statement.
Blue Security allows consumers to sign up for its service for free. Each consumer loads a special software agent that integrates with Yahoo! Mail, GMail and Hotmail and uses a central database to check incoming e-mail messages for known spam. When a match is found, the software selects a form from the site advertised in the e-mail message, and submits a message asking to be removed from the spammer's list. Because Blue Security has almost 500,000 consumers signed up, companies who use spam lists will likely have their Web sites inundated with hundreds of thousands of messages.
Tucows had a variety of services impacted, with DNS resolution most heavily hit, for about 12 hours from noon EST on Wednesday, the company said.
It's currently unknown whether the attacks were some form of standard distributed denial-of-service attack or a DNS recursion attack. Some sources have indicated that a mix of attacks was used.
CORRECTION: The original article contained two technical mistakes in the description of Blue Security's service. The service's central database identifies what is spam, while the opt-out process involves submitting a message, asking that the consumer be removed, to a randomly selected form on any Web site advertised in an unsolicited message.
Posted by: Robert Lemos