nanog mailing list archives

Re: Another DNS blacklist is taken down

From: Steve Linford <linford () spamhaus org>
Date: Mon, 29 Sep 2003 20:11:32 +0100

[at the risk of angering the moderator, quite rightly since thisthread is bordering on OT - apologies moderator!]


At 14:04 -0400 (GMT) 29/9/03, Dan Armstrong wrote:

 These BLs that leveraged their "wild west" style, unaccountable
 [rant probably directed at 'spews' snipped]
 I think it's a cop out to think that it was the spammers themselves
 who did this. Spammers are not smart enough to do things like that...

Ehm, we actually have proof the spammers are doing the dDoS, at leastagainst Spamhaus. We can even see the spammer doing it on his IRCchannel, we know how many zombies he's controlling, where they are,where he's connected from and even his aliases and account names, wehave enough on him to put the Feds at his door ...should the Fedsever get interested.

MessageLabs have also compared the long list of servers participatingin the dDoS against Spamhaus, with their database of knownvirus-infected hosts. The test came back today showing that almostall the hosts attacking Spamhaus have all been recently identified byMessageLabs as being infected with the Fizzer worm.

We had in fact also been wondering if, as well as being responsiblefor sending SoBig the spammers might be responsible for other virusesas well. In particular we wondered how so many spammers were nowhosting their spamvertised web sites on rapidly-appearing zombies allover the net, that answered that too, since the summary of Fizzer(one of the most widespread viruses in the world) is:


    Fizzer is a complex e-mail worm that appeared on May 8,
    2003. The worm can spread itself in e-mails and in the
    Kazaa P2P (peer-to-peer) file-sharing network. The
    Fizzer worm contains a built-in IRC backdoor, a DoS
    (Denial of Service) attack tool, a data-stealing Trojan
    (uses external keylogger DLL), an HTTP server and other
    components. The worm has the functionality to kill the
    tasks of certain anti-virus programs. Additionally, the
    worm has automatic updating capabilities.

The world has to wake up to the fact that spammers are no longerstupid, there's a lot of money to be made spamming so crackers andscript kiddies have joined them. We've had open relays, we've hadopen proxies, the future of mass spamming is by way ofever-more-powerful viruses.


--
  Steve Linford
  The Spamhaus Project
  http://www.spamhaus.org

Current thread:

Re: Blacklisting: obvious P2P app, (continued)
- - - Re: Blacklisting: obvious P2P app Damian Gerow (Sep 24)
- RE: Another DNS blacklist is taken down Joel Perez (Sep 24)
  - RE: Another DNS blacklist is taken down Justin Shore (Sep 24)
    - RE: Another DNS blacklist is taken down Mike Batchelor (Sep 29)
    - Re: Another DNS blacklist is taken down Jared Mauch (Sep 29)
    - Re: Another DNS blacklist is taken down Dan Armstrong (Sep 29)
    - Re: Another DNS blacklist is taken down Jared Mauch (Sep 29)
    - Re: Another DNS blacklist is taken down Mike Tancsa (Sep 29)
    - Re: Another DNS blacklist is taken down Dan Armstrong (Sep 29)
    - Re: Another DNS blacklist is taken down Jared Mauch (Sep 29)
    - Re: Another DNS blacklist is taken down Steve Linford (Sep 29)
- RE: Another DNS blacklist is taken down Mark Segal (Sep 24)
  - RE: Another DNS blacklist is taken down Justin Shore (Sep 24)
    - Re: Another DNS blacklist is taken down Leo Bicknell (Sep 24)
  - Re: Another DNS blacklist is taken down Jack Bates (Sep 24)
    - Re: Another DNS blacklist is taken down Chris Lewis (Sep 24)