BlueSecurity Database Compromised?

EElyn writes "Numerous users of Blue Security's anti-spam system now report a new form of aggressive spam. An unknown group of spammers claims to have derived a way to extract the member email addresses of Blue Security group's anti-spam system, called Blue Frog. Blue Frog is a small tool which, once installed on the user's computer, enables Blue Security to systematically flood a known spammer's website with opt-out messages, much to the headache of the spammer. Tens of thousands of users have already signed up, so can it really be true that spammers now possess this database? Or is this yet another frail attempt by spammers to intimidate the user?" Another reader sent the text of the letter; read more to see.

Stray1 writes ""You are receiving this email because you are a member of BlueSecurity...." An email from unknown detractors has taken the BlueSecurity anti-spam lists and decided to take matters into their own hands. I received this email from an anonymous and garbled host, which went on to say in not so fantastic English that I, as a BlueSecurity member, would receive this and many more (about 20-30) spam messages a day until I left the Blue Security community. Blue Security (www.bluesecurity.com), a website and community designed to lessen your spam email, is down for the moment. Is this what we have come to? Spam (erm, 'high volume email') companies holding your address hostage until you comply? "...We might've had your email addresses before in our lists, but now, we are targeting YOU, because YOU are a bluesecurity user". I have to say, up until this point, my spam was down by about 70% to 80%."

  • Email I Received (Score:5, Informative)

    by duerra ( 684053 ) * on Tuesday May 02, 2006 @11:01AM (#15245413) Homepage
    Below is an email that I received, which pretty much confirms that they have been hacked.

    ----

    You are being emailed because you are a user of BlueSecurity's well-known software "BlueFrog." http://www.bluesecurity.com/ [bluesecurity.com]

    Today, the BlueSecurity database became known to the worst spammers worldwide. Within 48 hours, the database will be published on the Internet, and your email address will be open to them all. After this, you will see the spam sent to your mailbox increase 10 - 20 fold.

    BlueSecurity was illegally attacking email marketers, and doing so with your help. Many websites have been targeted and hit, including non-spam sites. BlueSecurity's software has been fully analyzed, and contains an abundance of malicious code. This includes: ability to send mass mail to users; the ability to attack websites with Distributed Denial of Service attack (DDoS); the ability to open hidden doors on any machine on which it is running; and a hidden auto-update code function, which can install anything on your computer and open it up to anyone.

    BlueSecurity lists a USA address as their place of business, whereas their main office is in Tel Aviv. BlueSecurity is run by a few Russian-born Jews, who have previously been spamming themselves. When all is said and done, they will be able to run, hide and change their identities, leaving you to take the fall. YOU CANNOT PARTICIPATE IN ILLEGAL ACTIVITIES and expect to get away with it. This email ensures that you are well aware of the situation. Soon, you will be found guilty of computer crimes such as DDOS attacking of websites, conspiracy, and sending mass unsolicited bulk email messages for everything from viagra to porn, as long as you continue to run BlueFrog.

    They do not take money for downloading their software, they do not take money for removing emails from their lists, and they have no visible revenue stream. What they DO have is 500,000 computers sitting there awaiting their next command. What are they doing now?

    1. Using your computer to send spam?
    2. Using your computer to attack competitor websites?
    3. Phishing through your files for your identity and banking information?

    If you think you can merely change your email address and be safe while still running BlueFrog, you are in for a big surprise. This is just the beginning...
  • I am a victim of the blackmail letter as well. It's easy to figure out how the spammers got my email address: they already had it. They simply backed up their address book, cleaned their list with Blue Security's tool, then "diffed" the database to figure out who was a BlueSecurity member.

    Another note, BlueSecurity is not Slashdotted. It is unavailable because of a DDoS attack started sometime earlier this week. The attack started submitting invalid PHP requests, making the site slow to a crawl and at times be completely unavailable.

    I write about it on my blog. [blogspot.com] More on the attack here. [realtechnews.com] The threatening letter I received is also on my Slashdot journal.

  • Re:What must be done (Score:3, Informative)

    by mpaulsen ( 240157 ) on Tuesday May 02, 2006 @11:17AM (#15245601) Journal
    http://www.straightdope.com/classics/a2_356.html [straightdope.com]

    'According to rule 917.243(b) in the Domestic Mail Manual, when a business reply card is "improperly used as a label"--e.g., when it's affixed to a brick--the item so labeled may be treated as "waste." That means the post office can heave it into the trash without further ado.'
  • Re:What must be done (Score:2, Informative)

    by Drathus ( 152223 ) * on Tuesday May 02, 2006 @11:17AM (#15245602)
    Better Yet, tape the Business reply envelope to a Brick (wrapped in shipping paper), the Post Office has to deliver it, and it will cost the receiving company a fortune in shipping costs.


    No, they don't. And no, they won't [straightdope.com].

    To quote:

    'According to rule 717.243(b) in the Domestic Mail Manual, when a business reply card is "improperly used as a label" -- e.g., when it's affixed to a brick - the item so labeled may be treated as "waste."'

  • Re:What must be done (Score:3, Informative)

    by toastyman ( 23954 ) <toasty@dragondata.com> on Tuesday May 02, 2006 @11:19AM (#15245628) Homepage
    That would be awesome, but unfortunately it doesn't work [straightdope.com].
  • by jhernand ( 180688 ) on Tuesday May 02, 2006 @11:25AM (#15245687)
    I'll bet this spammer already has your e-mail address from some other source. He checks it against the Bluesecurity DB, and if it's a positive match, he sends you the Bluesecurity-targeted spam. Since there is no web site associated with these messages (because he's not selling anything), he does not suffer any consequences for these particular messages.
  • Re:Email I Received (Score:4, Informative)

    by discHead ( 3226 ) <3zcxrr602@sneakemail.com> on Tuesday May 02, 2006 @11:30AM (#15245739) Homepage
    I'm sure you're right. I have an entire domain registered with Blue Security, but it looks like the spammer has only been hitting some well-worn addresses I have seen other spammers using. I'm sure whoever it is "cleaned" his list, looked at what addresses got filtered out, and singled out those addresses for "special" treatment.
  • by Nuclear Elephant ( 700938 ) on Tuesday May 02, 2006 @11:33AM (#15245779) Homepage
    This was sent out on an anti-spam list this morning:

    http://www.bluesecurity.com/Announcements/spam.asp [bluesecurity.com]

    "A major spammer had started spamming our members with discouraging
    messages in an attempt to demoralize our community. This spammer is
    using mailing lists he already owns that may contain addresses of
    some community members.

    "We have also received complaints from users about spam allegedly
    sent from Blue Security promoting our anti-spam solution and our web
    site. This is yet another tactic used by some spammers in an attempt
    to slander us by sending unsolicited email forged to appear as if it
    was sent from Blue Security. Blue Security is an anti-spam company
    determined to fight spam and as such never has and never will send
    unsolicited email.

    "Our answer to those criminals should be one - we will not be
    discouraged; We will continue to exercise our right to opt-out of
    spam.

  • by drosoph ( 664471 ) on Tuesday May 02, 2006 @11:37AM (#15245817)
    From what I am seeing, I am now receiving 1,000s of these stupid "Because you are using the BlueSecurity Software ...." emails .... but they are all being directed to Mike, Jan, Cindy, Lucy, Bobby, and Greg@mydomain.com .... They are NOT directed to MY email address. These addresses that they are using were ONCE entered by an ignorant relative of mine onto one of those online greeting card sites (even misspelled), and those are the addresses that are being spammed. Since I ALSO registered my DOMAIN with BlueSecurity, I would ponder to guess that the spammers are using the domain list, matching it up to ANY email they have in their spam database with that domain and spamming the heck out of it. They HAVE NOT, I repeat, HAVE NOT hit ANY of my REGISTERED email addresses with BlueSecurity. They are only hitting random crap email addresses on my domain. They're shooting in the dark, they're angry, and they're running scared ... and I hope that you all keep up the good work!
  • Re:Eye for an Eye? (Score:1, Informative)

    by Anonymous Coward on Tuesday May 02, 2006 @11:39AM (#15245840)
    Actually, an "Eye for an eye" is a good strategy in a game-theory sense, and it may be the basis for all cooperative behavior. If you doubt this, simply Google "tit-for-tat" and "game theory."
  • by MrNougat ( 927651 ) <ckratsch.gmail@com> on Tuesday May 02, 2006 @11:42AM (#15245875)
    Comments on BlueSecurity forums last night demonstrate that users with multiple protected addresses are getting these attack spams to some, but not all, of the protected addresses.

    What's likely happening: Spammer has a mailing list. Spammer uses BlueSecurity's "cleanlist" tool to clean registered addresses from his mailing list. Compare original list to cleaned list - email addresses that are in the first but not the second are BlueSecurity registered.

    By this logic, email addresses that the spammer does not already have are not made available to the spammer in any way via BlueSecurity's own list. Delivery patterns of the attack spams support this observation.

    I'll also note that Gmail's own spam filters are already capturing all of these attack spams; I only got two in my mailbox this morning, about 50 more were filtered.

    This is the first time I'm aware of that a spam prevention service has worked so well that it's got a spammer pissed off enough to lash out. BlueSecurity++
  • How it works (Score:2, Informative)

    Blue Security sends an ANONYMOUS request to the spammer and gives him instructions to download SOFTWARE that will clean up their e-mail lists. What it does is hash each e-mail and check the database.

    This way, no e-mail address is being released to the spammers. They could as well diff the lists to see which addresses were removed, but they won't get NEW e-mail addresses that way.
  • Re:Email I Received (Score:3, Informative)

    by MrNougat ( 927651 ) <ckratsch.gmail@com> on Tuesday May 02, 2006 @11:45AM (#15245908)
    Below is an email that I received, which pretty much confirms that they have been hacked.

    No, it absolutely does not confirm that they've been hacked. See my previous comment about how it's likely that the spammer simply confirmed BlueSecurity registration for addresses he already has, but is unable to get new addresses out of the BlueSecurity database.

    http://it.slashdot.org/comments.pl?sid=184656&cid=15245875 [slashdot.org]
  • DoS and Explanation (Score:4, Informative)

    by cheshire_cqx ( 175259 ) on Tuesday May 02, 2006 @11:53AM (#15246013) Homepage

    According to this article [realtechnews.com] BlueSecurity is the target of a DoS attack.

    Also, here's their explanation of the spammer's countermeasure:


    This sounds scary, but it's not as bad as it sounds. Blue Security's email address registry remains secure contrary to what this spammer would have you believe. The way subscribers' emails were obtained was by checking the spammer's own list of emails against the Do Not Intrude registry. Normally spammers will get the emails of those who subscribe returned to them and will then remove those emails from their spamming lists. This one, however, has taken another approach. Instead of taking those hits off of his spam lists, he is sending them these intimidating emails.

    Makes sense to me, and explains why only BlueSecurity users are getting the emails.
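
The list comparison that several comments above describe (the "cleanlist" diff, the hashed lookup in "How it works", and the domain-level matches one poster reports), worked through as an added example. This is not Blue Security's code or any poster's: the SHA-256 hash, the handling of registered domains, all function names and the sample addresses are assumptions constructed for illustration.

```python
import hashlib

def _norm(value: str) -> str:
    return value.strip().lower()

def _digest(value: str) -> str:
    # SHA-256 is an assumption; the thread only says addresses are hashed.
    return hashlib.sha256(_norm(value).encode("utf-8")).hexdigest()

def build_registry(addresses, domains=()):
    """Hash-only registry as handed to list owners: no plaintext inside."""
    return frozenset(_digest(v) for v in (*addresses, *domains))

def is_registered(address, registry):
    """True if the address itself, or its whole domain, is in the registry."""
    domain = _norm(address).rpartition("@")[2]
    return _digest(address) in registry or _digest(domain) in registry

def clean_list(mailing_list, registry):
    """The list-cleaning step: return the list with registered entries removed."""
    return [a for a in mailing_list if not is_registered(a, registry)]

def exposure_audit(mailing_list, registry, registered_addresses):
    """What a list holder learns by comparing its list before and after cleaning.

    Returns (confirmed, undisclosed): entries of the holder's own list now
    known to be registered, and registered addresses the holder never had,
    which the comparison cannot reveal.
    """
    before = {_norm(a) for a in mailing_list}
    after = {_norm(a) for a in clean_list(mailing_list, registry)}
    confirmed = before - after
    undisclosed = {_norm(a) for a in registered_addresses} - before
    return confirmed, undisclosed

# Constructed sample data (reserved example domains only).
REGISTERED = ["alice@example.com", "bob@example.org"]
REGISTERED_DOMAINS = ["family.example"]
HELD_LIST = ["Alice@example.com", "carol@example.net",
             "mike@family.example", "jan@family.example"]

if __name__ == "__main__":
    registry = build_registry(REGISTERED, REGISTERED_DOMAINS)
    confirmed, undisclosed = exposure_audit(HELD_LIST, registry, REGISTERED)
    print("confirmed by diff:", sorted(confirmed))
    print("never disclosed:  ", sorted(undisclosed))
```

The audit shows both halves of the argument in the thread: membership is confirmed only for addresses already on the held list (including never-registered addresses at a registered domain), while a registered address that was never on that list stays undisclosed.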

  • by ericald ( 900767 ) on Tuesday May 02, 2006 @12:22PM (#15246290)
    What many spammers already understand, including the criminal who is now threatening Blue Security's users and trying to DDoS their website, is that this is a new era in the fight against spam - and for the first time, spammers know they are losing the fight.

    This is not just another passive measure trying to keep spam away; Blue Security's solution undermines the economy spammers rely on, the economy that motivates them to send billions of unsolicited messages. They know they will have to adapt to this new reality - some will comply now (Blue Security claims top spammers already comply) and others will try to put up a fight before understanding they have no other choice but to stop spamming the users that are willing to stand up for their rights and do something to fight spam.

    I call all Internet users with any sense of responsibility for the future of the Internet to join the ranks of the Blue Community and make sure that spammers realize that common sense and justice will prevail.

    Blue Frog can be downloaded from Blue Security's site or from major download sites such as download.com.

    Do the right thing - join the fight now!

    -- A proud member of the Blue Community

    http://www.bluesecurity.com/register [bluesecurity.com]
    http://download.bluesecurity.com/BlueFrog [bluesecurity.com]
    http://www.download.com/Blue-Frog/3000-2092_4-10527188.html [download.com] (download.com)
  • by VikingThunder ( 924574 ) on Tuesday May 02, 2006 @12:49PM (#15246539)
    It looks like the spammers might have forgotten who they were messing with. They were essentially flooding a number of users of which a high percentage actually report their spam. Could it be that the sudden drop of their FUD spam e-mails to 0 over the last 6 hours is due to this mass reporting? In particular, to SpamCop.
  • Re:What must be done (Score:4, Informative)

    by Pollardito ( 781263 ) on Tuesday May 02, 2006 @01:17PM (#15246819)
    When somebody sends you a credit card offer, send it back to them, writing "Take me off your list".
    You can get off the prescreened credit mailing lists altogether; just use one of the methods suggested on the FTC website [ftc.gov]
  • Re:So... (Score:1, Informative)

    by Anonymous Coward on Tuesday May 02, 2006 @04:43PM (#15248804)
    Yah, Checking if a website is up by digging through slashdot comments is about the easiest way to do it.
  • by MrNougat ( 927651 ) <ckratsch.gmail@com> on Tuesday May 02, 2006 @04:51PM (#15248868)
    I just got the following NDR email (which GMail flagged as spam, but I read anyway). Looks like the pissy spammer is using email addresses from his list in the From field, and generating false spam for BlueSecurity.

    I have deleted contact information at the end, for the sanity of those involved.

    Begin

    Subject: FW:Automatically send 1000s of DDOS complaints for each spam you receive

    The trackback URL for this blog entry is:
    http://community.bluesecurity.com/ [bluesecurity.com]

    Bringing spammers to Their Knees:
    Bluesecurity.com hopes you'll join thousands of others in an army capable
    of crippling spammers' Web sites.

    A few thousand spammers have ruined our internet. They've clogged our
    mailboxes with filth. Already, 90% of email traffic is made up of
    spam. Let us no longer blind ourselves to the irrefutable facts:
    current measures have failed to stop spammers. The experience of the
    past several years has proven that passive measures are just not the
    answer.

    Retribution is the only real answer to spam. We must punish spammers
    ourselves to prevent them from taking over cyberspace. We must reclaim
    our territory. We need direct action to eliminate spammers for good.

    The magnitude of the task which lies before us is great. We are fighting
    for the future of the Internet. What we need to do now is get as many
    users as possible into our community. We already have a botnet with
    hundreds of thousands of computers working together to induce commercial
    loss on spammers and their ISPs. We have launched numerous
    Denial-of-Service Attacks on Chinese spam networks with great success,
    and plan many more!

    We have excellent financiers who allow us continued success with our botnet
    growth and Denial-of-Service Attacks. We thank the government agencies
    involved for their continued cooperation. We thank our leader, Eran Reshef,
    for continued strategies of DoS attack operations. Also, US-based Rembrandt
    Ventures & Skybox Security for their extensive funding & continued support.
    And a very special thanks to Douglas Schrier who has helped our botnet come
    to life.

    If you haven't signed up with the registry and installed a blue frog yet,
    please sign up now.
    If your friends have not yet joined us, we will convince them to do so.

    Let's stop filtering spam and start eliminating spammers.
    Together, we will reclaim the Internet, One ddos at a time.

    Please Contact Us for any questions on signup via the following info:

    address and phone deleted

    Israel HQ: address and phone deleted

    Current and potential investor relations:
    Rembrandt Venture Partners address and phone deleted

    Fight back spam! Join our Botnet today.
    Download our .EXE here: http:/// [http] www.bluesecurity.com/ blue-frog/

  • Re:What must be done (Score:3, Informative)

    by macdaddy ( 38372 ) on Tuesday May 02, 2006 @07:56PM (#15250233) Homepage Journal
    It just depends on how good your bayes filter is. I agree though that it was much more effective back in the day. Now things like the SURBL are essential. Spammers have to make money somehow. To make money they have to get you to buy one of the contract company's products. To get you to buy one of their products/services they have to get you to their website. That's where you nail them. No matter how well they obfuscate the URL you can always figure out what site they're trying to spamertise. Then you just use that as your qualifier for identifying spam. The SURBL is nice.
