Spammers: BIG mistake
p2p news / p2pnet: The recent distributed denial of service attack as well as joe job attack against Blue Security indicates that offensive tactics against apammers are working. A program called "Blue Frog," created by Blue Security, caused signed up computers to send complaint messages to the sale forms on web sites advertised by spam.
Some say Blue Security was engaged in a distributed denial of service attack against spammers’ websites, but this isn’t true. The way Blue Security’s program worked is: spam was forwarded by Blue Frog users to a special Blue Security email address. Blue security parsed each forwarded email to extract the web site URL of spamvertised web sites. Blue Security would then try to contact the owners of the spamvertised web site and try to get them to stop spamming Blue Security users. However, when spammers refuse to stop spamming Blue Security users, the Blue Frog program on each Blue Security user’s computer would be instructed to post a complaint on the web site of the spamvertised page. One complaint would be sent for each spam that user received.
As a Blue Frog user, I noticed my spam had significantly decreased within a couple of weeks after registering for Blue Security’s program. This, however has changed in recent days. A distributed denial of service and Joe Job attack has taken down the website of Blue Security. Threatening spams were also sent out to Blue Security members telling them to discontinue their membership in Blue Security’s anti-spam program or else they would keep receiving these spam threats.
As people desperate to reclaim their inbox come up with innovative ways to do so, spammers are coming up with innovative ways to continue to pump out their crap while avoiding retribution from their victims.
Like Spammers’ web sites, Blue Security has a big weakness – the web site. Blue Security’s presents a critical weakness – it presents a large target for attack. A solution for Blue Security is to step up the anti-spammer program while removing the main target for attack. This can be accomplished by using peer to peer protocols for distributing instructions to each computer running the Blue Frog program.
The way it would work is for Blue Security to create a file containing instructions that direct computers running the Blue Frog program to complain to spamvertised web sites at the correct time. This file should be cryptographically signed so as to make forgeries extremely difficult. Once this instruction file is created and signed, it can be distributed by a peer-to-peer protocol such as Gnutella. The file name of the instruction files should have an unique beginning part as well as a creation date at the end of the filename and Blue Frog programs should stop redistributing and delete the old complaint instruction file when a new instruction file is downloaded and verified. Because each computer running the Blue Frog program will also redistribute this instruction file, there would be a massive number of targets too spread out for a D.D.O.S. Spammers will once again be forced to stop spamming Blue Security registered email addresses or face the consequences.
Spammers made a grave mistake in trying to bully me into stop using Blue Security’s program. They have the unmitigated gall to knowingly send threatening spams to users of Blue Frog. Do they not know that they’d never make money spamming people who are so fed up with spam to use the likes of Blue Frog?
I guess it’s a power thing to spammers to try to shut down anyone challenging their operation. Until Blue Security gets back up and running, here a few open source programs to use to fight back against the spammers.
SpammerSlapper is a Java applet that repeatedly visits the websites of spammers. This applet requires network privileges in order to create web traffic to other websites, so that is the reason why it is signed. The Java source code is embedded within the applet archive so feel free to have a look.
SpamFryer is a stand-alone Java application that allows someone to type in the http:// or https:// URL of a spamvertised website and also set the number of repeated visits.
SpammerSlammer is a cgi program that runs on my website. It creates real-looking, but fake, information that can be entered onto order pages of spamvertised websites. The fake information is designed to pass just about every verification scheme, yet it’s totally useless to the spammer. The credit card numbers that are generated are known to not work and don’t belong to anyone. They’re standard test numbers randomly selected from a list.
By sending my the threatening message below, spammers have only made me angrier and strengthened my resolve to give them more of what they give to frustrated users.
This anger is what made me come up with a near bulletproof way of getting Blue Frog back up and running.
**************************************************************
Hey,
You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).
You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.
How do you make it stop?
Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity’s database, if you arent there.. you wont get this again.
We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.
By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.
Why are we doing this?
Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.
If BlueSecurity decides to play fair, we will do the same.
We are quite sure you will think this will not continue, that we will not continue wasting our resources doing this, feel free to wait out the first 48, or the second, and see whether these stop, you will be quite suprised.
If you have another email under the protection of bluesecurity, and have not recieved this there, do not worry, you will soon enough.
We mightve had your email addresses before in our lists, but now, we are targetting YOU, because YOU are a bluesecurity user.
You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..
Just remove yourself from BlueSecurity, and make it easier on you.
Douglas Elliott
I like the part about not playing fair.
The spammers are not playing fair by them sending their crap out to people who specifically have taken measures to not receive their crap. By hiding behing viruses worms and malware, spammers think they can avoid retribution, but they have another think coming.
May 9th, 2006 at 5:12 pm
Yup just hack ‘em find and trace the spammer and fuck with their BIOS, not only will they have to get a new address but a new computer too.
May 9th, 2006 at 5:18 pm
I agree with the writer. I have always hated spam with a passion and been willing to take more time and effort to stop it than to just delete it. Now in addition to resenting spammers use of my inbox as their own I dont take kindly to being told what I can and cannot run in my systems tray on this computer I paid for. Whatever it takes, even if i have to give up the use of my present e-mail account, I would never delete a useful program under threat.
Bastards
May 9th, 2006 at 7:38 pm
This sounds just like the RIAA, just play the game by our rules and pay the fixed price we want and you will be happy.
May 9th, 2006 at 7:41 pm
13 comments to this story; in actuality there are only *3* shown. What happened to the missing 10?
May 9th, 2006 at 10:11 pm
they were all spam messages, repeated over and over by the same asswipe. i told jon about them and he deleted them. don’t blame the “site-op”! blame asswipe spammers!
May 9th, 2006 at 10:39 pm
Just because spammers did this, I’m going to join Blue Security and start using Blue Frog, just to piss them off. And if I get any emails threating me, I will forward it to the FBI and the FTC for further action, and forward it back to the spammer indicating that I have done so.
May 10th, 2006 at 12:30 am
For two years I forwarded spam mail to the FTC and Spamcop but they did little. I spent a half hour or more a day complaining and opting out of spam sites only to get an increase in spam. All CAUSE could do was complain as I was doing. I even wrote to my congressman and all I got was a nice polite letter in return but spam continued to flow freely. Can Spam was next to useless. We got “Can Spam” in 2003 and how many arrests have been made. I think we can count them on our fingers.
We all know that spammers will not identify themselves or their physical locations and they hide on the other side of national borders so what is left for us to do? That is until “Blue Security” came up with the idea to deal with spam at the source wherever they are located rather then at the receiving end with filters. “Blue frog” sends out opt out complaints on our behalf on a one for one basis after we forward our spam in to Blue Security with a couple clicks of the mouse for analysis. One complaint for one spam, a thousand complaints for a thousand spams. The spammer decides how many complaints he will receive to bog down his business by how many spams he sends to the BS membership.
What a wonderful Idea and as we see it really works. Thank goodness for the frog. —- James Junior
May 10th, 2006 at 6:28 am
That’s definitely mafia tactics the spammers use.
Time to sue them for threatening.
And to flood them with complaints for their tactics.
May 10th, 2006 at 6:28 am
That’s definitely mafia tactics the spammers use.
Time to sue them for threatening.
And to flood them with complaints for their tactics.
Arne Bab.
http://draketo.de
May 10th, 2006 at 9:26 am
There are 2 business to blame here.
1 the spammer, sue them
2 advertiser, sue them. Cut off the ability to process credit cards/paypal.
3 complaint to spam advertisers about them selling there product, cut of there ability to sell something.
It other words put them out of business.
May 10th, 2006 at 10:54 am
Only if Jon starts to play fair!!
May 10th, 2006 at 2:19 pm
A Truism ……
Those who commit the worst atrocities are the first to whine about playing fair.
May 10th, 2006 at 2:21 pm
Thank you for the address of the spam site to attack .
May 10th, 2006 at 3:29 pm
how do you sue a spammer when you can’t find them?? or if they are outside your country and the govt won’t get involved??
but on the other hand there are other ways around that. our company wanted to get a domain name that matched the company. it was already taken but not in use because the owner was squatting on it for big $$. we used a service that tracks the email. so every mail stop it went thru sent a reply back to us telling us the IP and location of where it went thru. and when the owner opened the email it sent us a reply (without the owner or mail stops knowing) and we found out his real name and address and took him to court.
May 10th, 2006 at 5:51 pm
You have no idea wtf you’re talking about… do you?
May 10th, 2006 at 5:58 pm
What exactly will you do in court with the owner of the domain? It’s your own damn fault for not registering the domain when you named the company.
May 10th, 2006 at 6:00 pm
Way simplified… and very naive.
May 10th, 2006 at 10:20 pm
Not too long ago (within the past month or so’s time) I posted a non-spam reply to a now-forgotten item here on p2pnet.net. I then returned to the main story, refreshed, clicked on the Comments (or whatever) link, and saw…. _nothing_.
Yes; there was an indication (”1 comment”, “2 comments”; whatever), but nothing to actually see, once at the Comments area. I must have refreshed a half-dozen times at least (including clearing Firefox’s cache, ad nauseum), but neither my comment or anything else appeared.
So, I tapped the “Back” button a few times, recovered the text of my original message, then posted it a second time, with the Subject-line including “2nd try”, in part (the remainder was neither spam nor profanity). Also included was an “admonishion” to the site-op; that, too, did not include profanity.
So to perhaps more-precisely refute/answer your comment of “they were all spam messages”, I say this: Why was _*my*_ commentary held back, until the proverbial tiger’s tail was twisted?
May 10th, 2006 at 10:36 pm
he who smelt it dealt it
May 10th, 2006 at 11:31 pm
someone above mentioned “playing fair”. i don’t think you’ll find anyone else with a news website who plays fairer than jon newton.
i don’t know about your missing messages. it’s happened to me, too. the best thing to do when that happens is to email jon immediately so he can sort the problem out.
i think there was a server change a month ago, so there might have been someglitches. but again, you must email jon to make him aware of a problem so he can get it sorted. i don’t have admin access, so i can’t tell you anything specific.
when this site gets those spams, like the ones i alerted jon about, it’s possible that in his haste he mistakenly deletes a real reply. he’s only human.
the best thing is to always email jon. he reads and answers all emails himself. he gets the problem fixed and explains it to everyone.
i don’t think you can play fairer than that.
May 10th, 2006 at 11:38 pm
Same on http://p2pnet.net/story/8729 and probably the same answer as below
May 15th, 2006 at 2:52 pm
rofl, here’s our next Neo in the making.
May 17th, 2006 at 6:33 pm
Granted I’m not a computer guru, but would it be possible to write a program that essentially did the same thing as BlueSecurity, just on the client side. What I mean is, would a program that took a spam mail, extracted the information, and posted a generic “remove me from the spam list” on the relevant websites, but with no connection to anyone else work? If enough people did this, it seems like it would have the same effect as BlueSecurity but without the susceptibility of a centralized server or even a decentralized network. Updates of some sort would probably be needed to keep up with the web addresses of advertisers, but at least to me it seems reasonable.
May 17th, 2006 at 9:33 pm
Looks like the spammers have won the first battle but well done to Blue Security for finding the way to eventually win the war. If you read the transcripts of the spammers discussion on specialham.com then they are clearly worried.
I like your idea about a p2p version. Just remember that people involved in fighting spam need to be very careful. I am sure one of the reasons behind the closure of Blue Security was violent threats made against the people involved. These guys are not geeks but mafia and will do anything to protect their interests.
That’s not a reason to give up. Just be aware…
May 26th, 2006 at 5:03 pm
Way to go BlueSecurity. I fully believe that retaliative measures have become necessary as spammers have intentionally misplaced their ethics. Spammers are preying on the internet to exploit everyone they can to get free advertisement. Douglas Elliot, what a hippocrite, to claim that it is not fair for the crap you dish out to get dealt back to you is insane. It’s about time to declare “war” on spammers, they need to pay to advertise just like legetimate businesses have done for decades.