The WAR over SPAM

A war has erupted between the spammers and a private company known as Bluesecurity. Bluesecurity develops a free software known as Bluefrog that aims to get rid of spammers by counter-attacking them. Conventional approach to tackling spam is to flag it and delete it. Bluefrog takes a more proactive approach. Once a message is marked as Spam the software will automatically post opt-out requests on the sites advertised by spam using contact information available on the site. Thus if someone sends a large number of spams about a pirticular product that website will be flooded with opt-out request. Thus Bluefrog spams the spammers! Some people consider this as immoral and illegal. Bluesecurity’s arguement is that, “Active Deterrence is an ethical solution to spam as it allows the members of the Blue Community to complain about spam in a safe and automated manner. The number of complaints posted by the Community is exactly equal to the number of spam messages received. Merchants and spammers are warned in advance and can easily avoid receiving complaints by complying with the Registry”. To me it is an apt way to teaching the spammers a lesson. Spammers can’t be convinced by sweet words and persuation. Blue Frog provides a way to fight back.

It seems like Bluefrog is indeed effective. Effective enough for the spammers to sit up and take notice. Last week Bluefrog claimed that four major spam rings accounting for 8% of the total spam agreed to stop spamming Registry members. Others have decided to fight back against Blue frog. In fact they seem to be desperate to get rid of this software by hook or crook. Last week a large number of bluefrog users ( including me ) recieved threatning spam emails.

I am posting below the two emails that I recieved.

First email

You are being emailed because you are a user of BlueSecurity’s well-known software “BlueFrog.” http://www.bluesecurity.com/

Today, the BlueSecurity database became known to the worst spammers worldwide. Within 48 hours, the database will be published on the Internet, and your email address will be open to them all. After this, you will see the spam sent to your mailbox increase 10 – 20 fold.

BlueSecurity was illegally attacking email marketers, and doing so with your help. Many websites have been targeted and hit, including non-spam sites. BlueSecurity’s software has been fully analyzed, and contains an abundance of malicious code. This includes: ability to send mass mail to users; the ability to attack websites with Distributed Denial of Service attack (DDoS); the ability to open hidden doors on any machine on which it is running; and a hidden auto-update code function, which can install anything on your computer and open it up to anyone.

BlueSecurity lists a USA address as their place of business, whereas their main office is in Tel Aviv. BlueSecurity is run by a few Russian-born Jews, who have previously been spamming themselves. When all is said and done, they will be able to run, hide and change their identities, leaving you to take the fall. YOU CANNOT PARTICIPATE IN ILLEGAL ACTIVITIES and expect to get away with it. This email ensures that you are well aware of the situation. Soon, you will be found guilty of computer crimes such as DDOS attacking of websites, conspiracy, and sending mass unsolicited bulk email messages for everything from viagra to porn, as long as you continue to run BlueFrog.

They do not take money for downloading their software, they do not take money for removing emails from their lists, and they have no visible revenue stream. What they DO have is 500,000 computers sitting there awaiting their next command. What are they doing now?

1. Using your computer to send spam ?
2. Using your computer to attack competitor websites?
3. Phishing through your files for your identity and banking information?

If you think you can merely change your email address and be safe while still running BlueFrog, you are in for a big surprise. This is just the beginning…

Second Email

Hey,

You are recieving this email because you are a member of BlueSecurity
(http://www.bluesecurity.com).

You signed up because you were expecting to recieve a lesser amount of
spam, unfortunately, due to the tactics used by BlueSecurity, you will
end up recieving this message, or other nonsensical spams 20-40 times
more than you would normally.

How do you make it stop?

Simple, in 48 hours, and every 48 hours thereafter, we will run our
current list of BlueSecurity subscribers through BlueSecurity’s database,
if you arent there.. you wont get this again.

We have devised a method to retrieve your address from their database,
so by signing up and remaining a BlueSecurity user not only are you
opening yourself up for this, you are also potentially verifying your
email address through them to even more spammers, and will end up getting
up even more spam as an end-result.

By signing up for bluesecurity, you are doing the exact opposite of
what you want, so delete your account, and you will stop recieving this.

Why are we doing this?

Its simple, we dont want to, but BlueSecurity is forcing us. We would
much rather not waste our resources and send you these useless mails.

Its simple, we dont want to, but BlueSecurity is forcing us. We would
much rather not waste our resources and send you these useless mails,
but do not believe for one second that we will stop this tirade of emails
if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you,
BlueSecurity did.

If BlueSecurity decides to play fair, we will do the same.

Just remove yourself from BlueSecurity, and make it easier on you.

Dixie Flanagan

They didn’t restrict themselves to threatning emails. They have launched a massive DDos attack against blue frog’s website. Infact they even brought down Livejournal (as Bluefrogs web blog was hosted on it’s servers).

However, there is a positive side to everything. All this fiasco has bought a lot of attention to Bluefrog and it’s member base will probably increase more rapidly when the website comes back online.

If you want to participate in this fight then download Blue frog from here . If you are using Firefox download the firefox extension from addons.mozilla.org . Bluefrog works with web-based email services like Yahoo, Hotmail and Gmail. It supports all email clients. Let us fight back

Visit Blue Security

# 06 May : Eran Reshef, CEO of Blue Security said that the attacks are being carried out by a Russian spammer known as PharmaMaster. PharmaMaster (excerpt from ICQ session)said that : “Blue found the right solution to stop spam, and I can’t let this continue.”

More details is available here . Also it seems like the Blue Security website is back online now.

# 08 May : Yet another proof that bluesecurity is really effective. Spammers are really pissed off at them and they are planning an attack on bluesecurity tommorow. Not only that they also plan to spam bluesecurity users. Here are some quotes :

? Word through the underground is pretty solid right now. Bluesecurity is going to be hit with forces they will not be able to handle. We will see.

? we have the database of the users that are signed in blue system and we’re going to fight them.
all sponsors contact me to get the data base and ask your mailers to over spam that database and take down this lamers …

Read it here .

Also they have been sending more threatning emails. You can read it here .

# 09 May : Wired News recieved an e-mail from an anonymous spammer who took credit for the attacks. The e-mail said

“Blue Security is indeed hurting our business, but not by taking down our websites,” the purported spammer wrote. “Instead, they create a daily nuisance to our server administrators.”

Read the full article here .

# 17th May : Alas! The evil has trampled over the good. Bluesecurity has lost this battle!In an interview with Wired News , Blue Security CEO Eran Reshef said the Israel-based company was closing its service Wednesday since he did not want to be responsible for an ever-escalating war that could bring down internet service providers and websites around the world and subject its users to denial-of-service attacks from a well-organized group in control of a massive army of computer drones.

He said :

Our community would very much like us to continue on the fight against spam, and our community has grown over the last week.But at the end of the day if we continue doing so, within a few days, major websites will go down. I don’t feel that this is something I can be responsible for. I cannot go ahead and rip up the internet to make Blue Security work. This is not the decision a commercial entity can make.

So long Bluefrog 🙁

# 19th May : Some more details about exactly what led to the closure of Bluesecurity is now available at Prolexic‘s website. Also I urge all Bluesecurity users to uninstall Bluefrog immediately since it is possible that someone with malicious intent may be able to gain controll over the Bluefrog client.

Although Bluefrog is now dead, it has inspired a lot of people. An Opensource Project titled “Okopipi ” – which is a variety of poisinous bluefrog. If you think that you can help then sign up over here . Personally I think that it would be great if some company like Google would take this up. It would immediately attrack a lot of attention. And if there is anyone who can take on these spammers, it is Google.

#22 May : From CastleCops Forum : “Within hours of posting the above message on the bluesecurity.com website, a concerted DNS attack on the DNS name provider took the site down. Also taken down was Prolexic and thousands of its customers, who include banks and financial services.”
That does show that Bluesecurity probably did the right thing by shutting down. It again demonstrates the power of these Spammers! In this case I think that only another Golliath can take them down. David has lost the battle.