The recent distributed denial of service attack as well as joe job attack against Blue Security indicates that offensive tactics against apammers are working. A program called "Blue Frog," created by Blue Security, caused signed up computers to send complaint messages to the sale forms on web sites advertised by spam.
Some say Blue Security was engaged in a distributed denial of service attack against spammers' websites, but this isn't true. The way Blue Security's program worked is: spam was forwarded by Blue Frog users to a special Blue Security email address. Blue security parsed each forwarded email to extract the web site URL of spamvertised web sites. Blue Security would then try to contact the owners of the spamvertised web site and try to get them to stop spamming Blue Security users. However, when spammers refuse to stop spamming Blue Security users, the Blue Frog program on each Blue Security user's computer would be instructed to post a complaint on the web site of the spamvertised page. One complaint would be sent for each spam that user received.
As a Blue Frog user, I noticed my spam had significantly decreased within a couple of weeks after registering for Blue Security's program. This, however has changed in recent days. A distributed denial of service and Joe Job attack has taken down the website of Blue Security. Threatening spams were also sent out to Blue Security members telling them to discontinue their membership in Blue Security's anti-spam program or else they would keep receiving these spam threats.
As people desperate to reclaim their inbox come up with innovative ways to do so, spammers are coming up with innovative ways to continue to pump out their crap while avoiding retribution from their victims.
Like Spammers' web sites, Blue Security has a big weakness - the web site. Blue Security's presents a critical weakness - it presents a large target for attack. A solution for Blue Security is to step up the anti-spammer program while removing the main target for attack. This can be accomplished by using peer to peer protocols for distributing instructions to each computer running the Blue Frog program.
The way it would work is for Blue Security to create a file containing instructions that direct computers running the Blue Frog program to complain to spamvertised web sites at the correct time. This file should be cryptographically signed so as to make forgeries extremely difficult. Once this instruction file is created and signed, it can be distributed by a peer-to-peer protocol such as Gnutella. The file name of the instruction files should have an unique beginning part as well as a creation date at the end of the filename and Blue Frog programs should stop redistributing and delete the old complaint instruction file when a new instruction file is downloaded and verified. Because each computer running the Blue Frog program will also redistribute this instruction file, there would be a massive number of targets too spread out for a D.D.O.S. Spammers will once again be forced to stop spamming Blue Security registered email addresses or face the consequences.
Spammers made a grave mistake in trying to bully me into stop using Blue Security's program. They have the unmitigated gall to knowingly send threatening spams to users of Blue Frog. Do they not know that they'd never make money spamming people who are so fed up with spam to use the likes of Blue Frog?
I guess it's a power thing to spammers to try to shut down anyone challenging their operation. Until Blue Security gets back up and running, here a few open source programs to use to fight back against the spammers.
SpammerSlapper is a Java applet that repeatedly visits the websites of spammers. This applet requires network privileges in order to create web traffic to other websites, so that is the reason why it is signed. The Java source code is embedded within the applet archive so feel free to have a look.
SpamFryer is a stand-alone Java application that allows someone to type in the http:// or https:// URL of a spamvertised website and also set the number of repeated visits.
SpammerSlammer is a cgi program that runs on my website. It creates real-looking, but fake, information that can be entered onto order pages of spamvertised websites. The fake information is designed to pass just about every verification scheme, yet it's totally useless to the spammer. The credit card numbers that are generated are known to not work and don't belong to anyone. They're standard test numbers randomly selected from a list.
By sending my the threatening message below, spammers have only made me angrier and strengthened my resolve to give them more of what they give to frustrated users.
This anger is what made me come up with a near bulletproof way of getting Blue Frog back up and running.
You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).
You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.
How do you make it stop?
Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again.
We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.
By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.
Why are we doing this?
Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.
If BlueSecurity decides to play fair, we will do the same.
We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.
If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough.
We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user.
You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..
Just remove yourself from BlueSecurity, and make it easier on you.
Douglas Elliott
I like the part about not playing fair.
The spammers are not playing fair by them sending their crap out to people who specifically have taken measures to not receive their crap. By hiding behing viruses worms and malware, spammers think they can avoid retribution, but they have another think coming.
