North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Another DNS blacklist is taken down
[at the risk of angering the moderator, quite rightly since this thread is bordering on OT - apologies moderator!]
At 14:04 -0400 (GMT) 29/9/03, Dan Armstrong wrote:
Ehm, we actually have proof the spammers are doing the dDoS, at least against Spamhaus. We can even see the spammer doing it on his IRC channel, we know how many zombies he's controlling, where they are, where he's connected from and even his aliases and account names, we have enough on him to put the Feds at his door ...should the Feds ever get interested.These BLs that leveraged their "wild west" style, unaccountable [rant probably directed at 'spews' snipped] I think it's a cop out to think that it was the spammers themselves who did this. Spammers are not smart enough to do things like that...
MessageLabs have also compared the long list of servers participating in the dDoS against Spamhaus, with their database of known virus-infected hosts. The test came back today showing that almost all the hosts attacking Spamhaus have all been recently identified by MessageLabs as being infected with the Fizzer worm.
We had in fact also been wondering if, as well as being responsible for sending SoBig the spammers might be responsible for other viruses as well. In particular we wondered how so many spammers were now hosting their spamvertised web sites on rapidly-appearing zombies all over the net, that answered that too, since the summary of Fizzer (one of the most widespread viruses in the world) is:
Fizzer is a complex e-mail worm that appeared on May 8,
2003. The worm can spread itself in e-mails and in the
Kazaa P2P (peer-to-peer) file-sharing network. The
Fizzer worm contains a built-in IRC backdoor, a DoS
(Denial of Service) attack tool, a data-stealing Trojan
(uses external keylogger DLL), an HTTP server and other
components. The worm has the functionality to kill the
tasks of certain anti-virus programs. Additionally, the
worm has automatic updating capabilities.
The world has to wake up to the fact that spammers are no longer stupid, there's a lot of money to be made spamming so crackers and script kiddies have joined them. We've had open relays, we've had open proxies, the future of mass spamming is by way of ever-more-powerful viruses.
The Spamhaus Project