Original URL: http://www.theregister.co.uk/2007/06/11/anti-spam_ddos/

Anti-spam sites weather DDoS assault

Storm Trojan fingered in tempest

By John Leyden

Posted in Security, 11th June 2007 14:37 GMT

Prominent anti-spam services came under a sustained denial of service attack late last week. The assault targeted Spamhaus, Spam URI Realtime Blocklists (SURBL), and Realtime URI Blacklist (URIBL).

The URIBL (which, like SURBL - filters junk mail based on spam sites mentioned in their message bodies) website was rendered temporarily available by the assault between Wednesday and Friday. It used DDoS mitigation technology from Prolexic to restore services.

Both Spamhaus and SURBL managed to keep their sites up and running during the onslaught. The Rules Emporium, which hosts additional rules for SpamAssassin, was unavailable on Friday, but it's unclear whether this was a direct result of the assault on fellow spam-busting sites.

Last week's attacks were likely launched from a network of compromised (zombie) PCs and were of the same type as those that knocked out spam-busting outfit Blue Security last year, according to the Internet Storm Centre (ISC).

"The attacks seem to be similar to those carried out against BlueSecurity last year, with the Storm malware. Storm is a botnet that can do basically anything..." security watchers at the ISC note.

On the plus side, the fact that spammers have taken to launching denial of service attacks might be a sign of desperation, it adds. ®