Botnet assault: Spammers launch DDoS offensive

Summary: The spammers behind last year's destruction of Blue Security are back with a vengeance, using a variant of the 'Storm Worm' malware to launch a sustained distributed denial-of-service attack against three anti-spam services.

The ongoing attacks, which use botnets of hijacked Windows computers, successfully shut down the Web servers that power the Spamhaus Project, URIBL (Realtime URI Blacklists) and SURBL (Spam URI Realtime Blocklists).

A note from Steve Linford of the Spamhaus Project explains the assault:

The attack is being carried out by the same people responsible for the BlueSecurity DDoS last year, using the Storm malware.

The attack method was sufficiently different to previous DDoS attacks on us that some of it got through our normal anti-DDoS defenses and halted our web servers.

At 02:00 GMT we got the attack under control and our web servers are now back up, www.spamhaus.org is running again as normal.

The attack is ongoing, but it's being absorbed by anti-DDoS defenses. Also under attack by the same gang are SURBL and URIBL.

Storm is the 'nightmare' botnet, capable of taking out government facilities and causing much mayhem on the internet. It has 3 functions; sending spam, fast-flux web and DNS hosting mainly for stock scams, and DDoS. There is a hefty international effort underway by cyber-forensics teams in a joint effort by law enforcement and private sector botnet and malware analysts to trace the perpetrators.

The Storm Worm Trojan has been linked to similar attacks against anti-spam services, anti-rootkit software providers and even malware researchers.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
