SecurityFocus 2006-05-17
Story continued from Page 2
In the early afternoon on May 2, the company received an ICQ message from PharmaMaster, claiming that an administrator for a top-level Internet service provider would start blocking traffic to the company's Web site, according to a timeline posted on the company's site. Soon after, the company verified that its home page became inaccessible to anyone outside of Israel.
The attack came as a surprise, Reshef said.
"We didn't expect a criminal would be able to exercise any control over the backbone," he said.
It's uncertain what exactly happened to Blue Security's site. The IP address for the Web site comes from a block owned by Alternet, which is a backbone network run by the former UUNet, bought by telecommunications company MCI Worldcom, and--as of February 2005--a part of Verizon. However, a representative of the telecommunications company said that Blue Security is not a customer and none of Verizon's administrators would filter out traffic--known as blackholing--to a Web site.
The filtered traffic marked only the beginning. Within a couple of hours, Blue Security's operations--separate from its Web site--came under denial-of-service attack, flooded with anywhere between 2 gigabits and 10 gigabits per second of traffic from tens of thousands of sources.
By then, the company was attempting to get back online. To work around the backbone filtering that blocked access to its home page, Blue Security decided to change its domain name system (DNS) entries to point to its former blog, hosted by TypePad. Half an hour later, an attacker leveled a flood of packets at bluesecurity.com, but because of the DNS change, the flood did not hit Blue Security's servers but the servers of blog hosting service Six Apart. In what Six Apart called a "sophisticated attack," the company's two blog services--LiveJournal and TypePad--as well as several other portals--such as MovableType.com and SixApart.com--became inaccessible for nearly 8 hours.
"This has affected all of Six Apart's sites, causing intermittent and limited availability," the company said in a statement posted at the time. "Our network operations staff is working around the clock with our Internet access providers to resolve the issue."
Six Apart foiled the attack on its servers early in the morning on May 3 GMT, and the attacker shifted to Blue Security's domain name service provider, Tucows. That attack took out various services offered by the Internet service provider for nearly 12 hours, with its domain name service hit hardest, said Elliot Noss, CEO for Tucows.
"We deal with attacks on a regular basis, and this was an order of magnitude larger than what we are used to seeing," Noss said. "For the first part of the attack, this was seen as a network problem, because it caused connectivity issues for two of our three upstream providers."
Tucows' final solution was to "duck away from the problem"--in Noss's words--essentially removing Blue Security's DNS records from its system. The move made Tucows' DNS servers disappear for any computer looking up the address for bluesecurity.com, blunting the attack but also foiling any legitimate user that wanted to find bluesecurity.com.
Blue Security's Reshef, who praised Six Apart for keeping his company's Web page online and accessible, had stern words for Tucows' strategy.
"Tucows took us down," he said. "Rather than standing up with us in the fight, they deserted us. They didn't even call us."
Last week, Blue Security hired well-known DoS-defense firm Prolexic to bring its sites back online. While its home page returned to the Internet, consistent service to the Blue Frog clients remained elusive. In an e-mail message sent last week, Reshef indicated the company fully intended to continue to take the fight to spammers.
Then the situation again changed drastically: PharmaMaster took the battle to the company's paying subscribers.
