Spam block lists bombed to oblivion
‘Bad guys have broken out the nuclear weapons,’ victim says
By Mike Brunker
Sept. 24 — Denial of service attacks by “zombie armies” of compromised computers have put two more spam-blocking lists out of business, adding to the body count in what one victim described as an “all-out war” raging in cyberspace.


       THE OPERATORS of the and “block lists” - used by Internet service providers and businesses to filter out incoming spam before it reaches end users - both announced this week that they are abandoning the services in the face of distributed denial of service attacks (DDOS) that have targeted anti-spam sites offering the lists this summer.
       “It just wasn’t feasible to run this (list) and make ourselves a large target anymore,” said Bill Larson, network administrator for the Tennessee-based Internet Service Provider Compu-net Enterprises.
       In withdrawing from the field of battle, they join, which announced earlier this month that it would no longer host the Spam Prevention Early Warning System, also known as SPEWS.
       Other block list providers, including, and the Spam & Open Relay Blocking System (SORBS) also have reported being subjected to increasingly intense DDOS attacks from thousands of compromised computers known as “zombies.”
       The “zombie army” is being marshaled by mysterious opponents of anti-spam forces who use virus-infected e-mail and hacking techniques to take control of machines from unknowing users, most of whom haven’t taken the precaution of installing firewalls or anti-virus software to protect them from intruders.

       Ron Guilmette, who operated the block list for more than a year and a half before shutting it down Monday night, said in a news group posting announcing the list’s demise that he had “underestimated both the enemy’s level of sophistication, and also the enemy’s level of brute malevolence.”
       Guilmette, of Roseville, Calif., told on Wednesday that his mail, web and DNS servers were bombarded by data packets directed at from “more than 10,000 machines” in DDOS attacks that lasted for 10 days beginning on Aug. 19 and then resumed again late last week.
       He said that while his “small fry” operation was more susceptible than some of the bigger lists like SPEWS and Spamhaus, none of the anti-spam services are impervious.
       “All of these services are now under criminal attack, which is premeditated and financially driven,” he said. “It’s all-out warfare and the bad guys have broken out the nuclear weapons.”
       In the case of Compu-Net, Larson said he made the decision to cease operating the list not because of a DDOS attack, but because of an escalating case in which someone was forging company e-mail addresses on spam, causing many thousands of messages to “bounce” back and threatening to overwhelm the company’s e-mail servers.
       In addition to the bounced e-mail, Larson and other members of Compu-Net staff were forced to handle a flood of abuse complaints from people who wrongly believed the company was spamming them and deal with “threats against ourselves, our servers and our Internet connection,” he wrote in a posting to the (NANAE) news group.
       And he feared that the DDOS attacks that have targeted other block list operators would be next.
       “As an ISP, if we got hit by a denial of service attack that lasted a week or 10 days, we would be out of business,” Larson said, explaining the decision to cut and run.
       Earlier this month, the cyberattacks forced Joe Jared, who had been hosting the Spam Prevention Early Warning System, also known as SPEWS, at his Web site, to suddenly pull the plug on the popular but controversial block list.
       Jared’s action blocked access to the Web site, though mirror sites with the list continued to operate, enabling network administrators to reconfigure their systems to query the alternate sites.
       Other block lists, which are used by Internet service providers and businesses to filter out the majority of incoming spam before it reaches the end users, have come under siege from distributed denial of service (DDOS) attacks this summer. The bombardment of massive amounts of data has intermittently prevented subscribers or users from gaining access to lists at Web sites of,, and the Spam & Open Relay Blocking System.
       DDOS attacks have been used against anti-spam sites before, but this summer’s onslaught appears to be more systematic and intense than anything seen before.
       “There’s not much doubt in my mind that the various attacks are the work of the same person or organization,” Julian Haight, president of Seattle-based, which has been under attack intermittently since mid-July, told earlier this month.
       While it’s not clear who is behind the campaign, suspicion has focused on renegade spammers, who have an obvious motive.
       “These block lists have become more and more effective as they’ve become focused, so they’ve started to hit home,” said Jesse Dougherty, director of development with software solution provider ActiveState.
       The block lists have alienated some in the Internet community by blocking users who have nothing to do with spam, either accidentally or, in the case of SPEWS, as a deliberate tactic aimed at pressuring Internet service providers to crack down on spammers on their networks. But because the attacks are targeting multiple sites rather than just one or two, most experts say spammers are more likely culprits.
       “It has been suggested to me that the person (behind the attacks) could be a site that I’ve erroneously blamed for spam, but given the amount of resources being put into it I’d certainly vote for the spammer,” said Haight.
       Haight, who said that SpamCop was knocked offline periodically in the early days of the attack in mid-July, said it will cost about $30,000 this year to pay for a content distribution network capable of withstanding such assaults.
       Britain’s also has been able to withstand steady attacks that began more than 2 months ago, chief executive Steve Linford told the Boston Globe earlier this month.
       “We’re usually under attack from 5,000 to 10,000 servers at once,” Linford was quoted as saying. “They’re extremely large attacks that would bring down just about anything.”
       Some security experts, and many in the anti-spam community, believe that spammers have been behind recent viruses that have placed malicious “Trojan horse” programs on vulnerable computers, creating the network of “zombies” that can be remotely ordered to launch such attacks.
       And while there is no hard evidence, some believe that the “sobig” family of viruses may be recruiting for the zombie army.
       Guilmette, the former provider of the block list, said the electronic bombardment of his site began “at 11:27 p.m. Pacific Time on Aug. 19, which coincidentally or not was the same day that sobig.f started to make the rounds.”
       While the escalating attacks have the anti-spam community up in arms, there is no indication that law enforcement yet considers them to be serious.
       “I went to my local police and I had to twist their arms just to get them to take a report,” said Guilmette, adding that he called his local FBI office and left a message but was never called back.
       But the longtime spam fighter said he bears more of a grudge against big ISPs like AT&T and UUNet, because they are in a better position to halt the attacks.
       “If had been under attack for 10 days, you can bet your ass that the big providers would have gone to the lower level ISPs and asked them to shut off the machines that were part of the zombie army that was doing the attacking,” he said. “In my case they told me all I could do was try to ride it out and hope for the best.”

 fact file 
What is spam?
While most e-mail users think they know spam when they see it, it has proven surprisingly difficult to define. Some of the most common definitions being bandied about in connection with plans to regulate spam are: unsolicited commercial e-mail (UCE), which excludes unsolicited political messages and possibly outright fraudulent ones; unsolicited bulk e-mail (UBE); unsolicited commercial bulk e-mail (UCBE); and unsolicited electronic mail solicitations (UEMS), which would include even single unsolicited e-mails. Many e-mail marketers prefer a definition that would require unsolicited messages to be fraudulent, deceptive or objectionable before they would be considered spam.

Who sends it?
The spammers who flood your inbox on a daily basis are most likely members of a relatively small, shadowy group of pros capable of generating hundreds of millions of e-mails each day and using high-tech evasive tactics to avoid detection. Together, these big operators send the vast majority of unwanted e-mail. But they don’t work for free, and a wide variety of small-time crooks, inventors and even major U.S. companies may ultimately be behind the campaigns.

What does it cost?
Each year spam costs each U.S. end user between $30 and $50 and companies $730 in lost productivity for every employee with e-mail, according to the Anti Spam Research Group.

Legal landscape
Check the law in your state and the status of efforts to pass federal legislation at

1. Protect your address
Most spammers build e-mail lists by harvesting from Web pages and Usenet postings. So avoid putting your e-mail address on your Web page. If you feel you must, one helpful trick is to encode your e-mail address using HTML characters rather than simple text.

2. Diversify
Use multiple e-mail addresses, and save one for filling out Web forms and submitting to companies. That will keep spam out of your primary e-mail.

3. Read carefully
Read online forms and software registrations carefully. Be sure to "opt-out" at every chance, letting companies know you don't want them sharing your e-mail.

4. Complain
Not enough individuals go to the trouble of figuring out who's really behind the spam. Reading e-mail headers isn't as hard as it sounds -- click here for a good primer.

Generally, once you learn the actual sender's domain name, an e-mail to [email protected] will do the trick. If it doesn't, here's a link to a site with more details on finding the right e-mail address for complaints:
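
Tip 1 above suggests writing an address as HTML character references instead of plain text. The following is an added example, not part of the original article, showing what that encoding looks like and what it does and does not hide; the sample address and all function names are constructed for illustration.

```python
import html
import re

# Constructed sample address (example.org is reserved for documentation).
SAMPLE_ADDRESS = "webmaster@example.org"

# Plain-text address pattern of the kind a simple scan of page source relies on.
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def encode_address(text):
    """Return text as HTML numeric character references.

    Decimal and hexadecimal references alternate, so neither "@" nor the
    domain name appears literally in the page source.
    """
    parts = []
    for i, ch in enumerate(text):
        code = ord(ch)
        parts.append(f"&#{code};" if i % 2 == 0 else f"&#x{code:x};")
    return "".join(parts)


def mailto_link(address):
    """Build a mailto: anchor whose href and visible label are both encoded."""
    enc = encode_address(address)
    # The "mailto:" prefix is encoded too, since it is an obvious marker.
    return f'<a href="{encode_address("mailto:")}{enc}">{enc}</a>'


def found_in_raw_source(markup):
    """Addresses visible to a scan of the raw markup."""
    return PLAIN_ADDRESS.findall(markup)


def found_after_decoding(markup):
    """Addresses visible once references are resolved, as a browser does."""
    return PLAIN_ADDRESS.findall(html.unescape(markup))


if __name__ == "__main__":
    link = mailto_link(SAMPLE_ADDRESS)
    print(link)
    print("raw scan:    ", found_in_raw_source(link))
    print("after decode:", found_after_decoding(link))
```

The browser still renders a working link, and anything that resolves character references before scanning sees the address as well, so the encoding only helps against tools that read the raw source.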

MSNBC Terms, Conditions and Privacy © 2003