Blue Frog lost in the end… orz





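This is probably the most depressing security news of the past couple of days: Blue Security.com, an Israeli company that specialized in bombarding spammers, has in the end been killed by spammers' DDoS attacks.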

May 17, 2006

As we’ve detailed previously, Prolexic has been fending malicious cyber attacks from one or more criminal spammers attempting to intimidate the firm, subsequent to Prolexic deploying its system to defend a recent customer. We can now reveal this customer to be Blue Security.

Blue Security was our client since May 5th, and we successfully repelled several attacks against them since we started protecting their site.

We understand that once customers of Blue Security started receiving real threats of viruses/worms/DDoS/etc. attacks against them personally, Blue Security realized that they were putting their customers in jeopardy by continuing the fight with the spammers. Not wanting to escalate the war on their customers, Blue Security, understandably but regrettably, decided to exit the anti-spam business on May 16th.

Currently Blue Security has taken their site offline, to avoid themselves being responsible for any further attacks on their customers. Whether you applauded Blue Security for taking the fight to the spammers, or criticized them for vigilantism, I’m sure you’ll agree that it is a sad day when criminal spammers win.

Blue Security will be missed.

Darren Rennick

Chief Executive

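Blue Security's architecture works roughly as follows: when a user receives spam, they report it through a client program called Blue Frog (BlueFrog) to the database on Blue Security's servers. Blue Security then bounces the spam back to the spammer, demanding that the spammer remove the recipient. When large numbers of users receive spam from the same source and report it to Blue Security through Blue Frog, the spammer and its ISP are bombarded with Blue Security's replies; the ISP will not just ignore that, and the spammer may well run off. The client is simple to use: download the Blue Frog software and, when spam arrives, press a button to send it back. Firefox users can also download a Blue Frog extension based on a GreaseMonkey script that automatically reports spam in major webmail services such as GMail and Yahoo! Mail.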

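After a few weeks in operation, this approach did work against small-time spammers, but the more formidable, kingpin-level spammers naturally hit back. The Russian spam kingpin PharmaMaster got a bunch of hackers to launch intensive attacks on Blue Security's official site, using everything from DDoS to viruses and worms, holding nothing back. Under the heavy bombardment, Blue Security first changed its URL and relocated to take refuge, which of course did not help. The attackers pressed their advantage and also knocked out the Six Apart site, which had given Blue Security its refuge, for eight hours, affecting the 1.8 million blogs hosted there. Before long, Blue Security had no choice but to raise the white flag and surrender.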

Blue Frog lost this battle, and lost it completely.

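A commenter overseas said that Blue Frog lost precisely because it used a centrally managed architecture, which presented an obvious target for attack; had the whole database and its hosts used a distributed architecture (P2P?), it should have been able to avoid such a miserable end. In addition, the kingpin spammer's attacks are a serious organized crime, and law enforcement should get moving. This commenter also proposed his ideal anti-spam architecture. I'm on deadline at the moment; I'll read through it slowly when I have time.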

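(I was going to publish a Blue Frog tutorial in the next issue of the magazine, but it got postponed because I had no time to write it; now that Blue Frog is dead, there's no need to write it XD)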


