A war has erupted between the spammers and a private company known as Bluesecurity. Bluesecurity develops a free software known as Bluefrog that aims to get rid of spammers by counter-attacking them. Conventional approach to tackling spam is to flag it and delete it. Bluefrog takes a more proactive approach. Once a message is marked as Spam the software will automatically post opt-out requests on the sites advertised by spam using contact information available on the site. Thus if someone sends a large number of spams about a pirticular product that website will be flooded with opt-out request. Thus Bluefrog spams the spammers! Some people consider this as immoral and illegal. Bluesecurity’s arguement is that, “Active Deterrence is an ethical solution to spam as it allows the members of the Blue Community to complain about spam in a safe and automated manner. The number of complaints posted by the Community is exactly equal to the number of spam messages received. Merchants and spammers are warned in advance and can easily avoid receiving complaints by complying with the Registry”. To me it is an apt way to teaching the spammers a lesson. Spammers can’t be convinced by sweet words and persuation. Blue Frog provides a way to fight back.
It seems like Bluefrog is indeed effective. Effective enough for the spammers to sit up and take notice. Last week Bluefrog claimed that four major spam rings accounting for 8% of the total spam agreed to stop spamming Registry members. Others have decided to fight back against Blue frog. In fact they seem to be desperate to get rid of this software by hook or crook. Last week a large number of bluefrog users ( including me ) recieved threatning spam emails.
I am posting below the two emails that I recieved.
You are being emailed because you are a user of BlueSecurity’s well-known software “BlueFrog.” http://www.bluesecurity.com/
Today, the BlueSecurity database became known to the worst spammers worldwide. Within 48 hours, the database will be published on the Internet, and your email address will be open to them all. After this, you will see the spam sent to your mailbox increase 10 – 20 fold.
BlueSecurity was illegally attacking email marketers, and doing so with your help. Many websites have been targeted and hit, including non-spam sites. BlueSecurity’s software has been fully analyzed, and contains an abundance of malicious code. This includes: ability to send mass mail to users; the ability to attack websites with Distributed Denial of Service attack (DDoS); the ability to open hidden doors on any machine on which it is running; and a hidden auto-update code function, which can install anything on your computer and open it up to anyone.
BlueSecurity lists a USA address as their place of business, whereas their main office is in Tel Aviv. BlueSecurity is run by a few Russian-born Jews, who have previously been spamming themselves. When all is said and done, they will be able to run, hide and change their identities, leaving you to take the fall. YOU CANNOT PARTICIPATE IN ILLEGAL ACTIVITIES and expect to get away with it. This email ensures that you are well aware of the situation. Soon, you will be found guilty of computer crimes such as DDOS attacking of websites, conspiracy, and sending mass unsolicited bulk email messages for everything from viagra to porn, as long as you continue to run BlueFrog.
They do not take money for downloading their software, they do not take money for removing emails from their lists, and they have no visible revenue stream. What they DO have is 500,000 computers sitting there awaiting their next command. What are they doing now?
1. Using your computer to send spam ?
2. Using your computer to attack competitor websites?
3. Phishing through your files for your identity and banking information?
If you think you can merely change your email address and be safe while still running BlueFrog, you are in for a big surprise. This is just the beginning…
You are recieving this email because you are a member of BlueSecurity
You signed up because you were expecting to recieve a lesser amount of
spam, unfortunately, due to the tactics used by BlueSecurity, you will
end up recieving this message, or other nonsensical spams 20-40 times
more than you would normally.
How do you make it stop?
Simple, in 48 hours, and every 48 hours thereafter, we will run our
current list of BlueSecurity subscribers through BlueSecurity’s database,
if you arent there.. you wont get this again.
We have devised a method to retrieve your address from their database,
so by signing up and remaining a BlueSecurity user not only are you
opening yourself up for this, you are also potentially verifying your
email address through them to even more spammers, and will end up getting
up even more spam as an end-result.
By signing up for bluesecurity, you are doing the exact opposite of
what you want, so delete your account, and you will stop recieving this.
Why are we doing this?
Its simple, we dont want to, but BlueSecurity is forcing us. We would
much rather not waste our resources and send you these useless mails.
Its simple, we dont want to, but BlueSecurity is forcing us. We would
much rather not waste our resources and send you these useless mails,
but do not believe for one second that we will stop this tirade of emails
if you choose to stay with BlueSecurity.
Just remember one thing when you read this, we didnt do this to you,
If BlueSecurity decides to play fair, we will do the same.
Just remove yourself from BlueSecurity, and make it easier on you.
They didn’t restrict themselves to threatning emails. They have launched a massive DDos attack against blue frog’s website. Infact they even brought down Livejournal (as Bluefrogs web blog was hosted on it’s servers).
However, there is a positive side to everything. All this fiasco has bought a lot of attention to Bluefrog and it’s member base will probably increase more rapidly when the website comes back online.
If you want to participate in this fight then download Blue frog from here . If you are using Firefox download the firefox extension from addons.mozilla.org . Bluefrog works with web-based email services like Yahoo, Hotmail and Gmail. It supports all email clients. Let us fight back
# 06 May : Eran Reshef, CEO of Blue Security said that the attacks are being carried out by a Russian spammer known as PharmaMaster. PharmaMaster (excerpt from ICQ session)said that : “Blue found the right solution to stop spam, and I can’t let this continue.”
More details is available here . Also it seems like the Blue Security website is back online now.
# 08 May : Yet another proof that bluesecurity is really effective. Spammers are really pissed off at them and they are planning an attack on bluesecurity tommorow. Not only that they also plan to spam bluesecurity users. Here are some quotes :
? Word through the underground is pretty solid right now. Bluesecurity is going to be hit with forces they will not be able to handle. We will see.
? we have the database of the users that are signed in blue system and we’re going to fight them.
all sponsors contact me to get the data base and ask your mailers to over spam that database and take down this lamers …
Read it here .
Also they have been sending more threatning emails. You can read it here .
# 09 May : Wired News recieved an e-mail from an anonymous spammer who took credit for the attacks. The e-mail said
“Blue Security is indeed hurting our business, but not by taking down our websites,” the purported spammer wrote. “Instead, they create a daily nuisance to our server administrators.”
Read the full article here .
# 17th May : Alas! The evil has trampled over the good. Bluesecurity has lost this battle!In an interview with Wired News , Blue Security CEO Eran Reshef said the Israel-based company was closing its service Wednesday since he did not want to be responsible for an ever-escalating war that could bring down internet service providers and websites around the world and subject its users to denial-of-service attacks from a well-organized group in control of a massive army of computer drones.
He said :
Our community would very much like us to continue on the fight against spam, and our community has grown over the last week.But at the end of the day if we continue doing so, within a few days, major websites will go down. I don’t feel that this is something I can be responsible for. I cannot go ahead and rip up the internet to make Blue Security work. This is not the decision a commercial entity can make.
So long Bluefrog 🙁
# 19th May : Some more details about exactly what led to the closure of Bluesecurity is now available at Prolexic‘s website. Also I urge all Bluesecurity users to uninstall Bluefrog immediately since it is possible that someone with malicious intent may be able to gain controll over the Bluefrog client.
Although Bluefrog is now dead, it has inspired a lot of people. An Opensource Project titled “Okopipi ” – which is a variety of poisinous bluefrog. If you think that you can help then sign up over here . Personally I think that it would be great if some company like Google would take this up. It would immediately attrack a lot of attention. And if there is anyone who can take on these spammers, it is Google.
#22 May : From CastleCops Forum : “Within hours of posting the above message on the bluesecurity.com website, a concerted DNS attack on the DNS name provider took the site down. Also taken down was Prolexic and thousands of its customers, who include banks and financial services.”
That does show that Bluesecurity probably did the right thing by shutting down. It again demonstrates the power of these Spammers! In this case I think that only another Golliath can take them down. David has lost the battle.
15 responses to “The WAR over SPAM”
It really has become a war, and might indeed be a winnable one.
I, for one, am very happy.
What BlueSec has developed will help win the war againist spam than any spam filter.
Appears that a opt-out response towards a web site contained in the spam is the most effective. This is where spammers are the most vulnerable, the merchant’s site advertised in the spam.
When merchants realize that if they use a spammer to promote their products and said promotion incurs a rather organized response (aka Blue security) then merchants will be less prone to use spam as a method of advertising.
And wait till a vigilante hacker makes a decentralized version of Blue Frog. Then things will get REALLY interesting B-). But until then, we’ll have to stick with Blue Frog 🙂
Spam war can hide another more difficult to handle…
A Spam War has been declared against an Israeli Security Startup: BlueSecurity. They claim they handle spam by attacking back Spammers who have been identified by the help of a community of users complaining they received spam. Millions of Spams…
The Blue Frog Community will grow, no doubt because people are tired of spam and have been looking for a ‘real” solution to stop spam. Take a look at the various message boards and see the comments.
Spammers are vulnerable not at the point of sending spam but at the merchant sites advertised in the spam. Will merchants continue to hire spammers for their services when the backslash against these “spamvertised” sites prevent them from doing business? That is the “true” power of the blue frog community. Strike at the weakest link in the spam chain: the merchant web sites.
THIS IS A WAR AND I AS A PART OF BLUE COMMUNITY IS WITH THE BLUE FROG AND WILL MAKE MY FRIENDS ALSO DOWNLOAD BLUE FROG. LET THE SPAMMERS BE TAUGHT A LESSON AND LET THEM EXPERIENCE THE DIFFICULTY WE FACE IN OUR EMAILS WITH ALL THOSE SPAMS
This is great stuff…Tit for tat !!
Yey yey !!
Should i download it or not? I mean i dont want my computer to screw up so just tell me if it is safe or not . Thnx
Offcourse. We should fight back. Bluesecurity doesnt cause any problem. It will just sit in the system tray and do it’s job. It is very light. Since you use Firefox also download the firefox extension.
Yup Its complitly safe & no sypware.
I have been using it for quite few months now.
I have seen a reduction in the amount of spam that I use to get.
Its gone now… 😥 resigned in order to avoid a mass scale war they have no rights to start… shit spammers ,,,
I’ll make this short and sweet.
Spammers need to be shot!
They ruined a perfectly good program and systemt hat gave us the chance to fight back and now look what happened? Lets hope someone big like Google or that takes over as then we may have a better chance to stop these spammers in their tracks.
Clearly the best way to sort this out would be to identify all the drones/botnets/zombies and get the owners of the affected PC’s to take back control. This removes the ability to create a DDOS agaianst, well anyone! Then the spammers have no power at all. Blue Frog or its up an coming derivitives (oh yes there will be more) will have nothing to fear! the spammers on the other hand….. Vigilantees, no, Vigilence and security, yes!
Ok , so the war is on. Good. i m happy about it.
Spammers are a real pain in the…
let them pay through their nose.
War against SPAM is really good step!
The problem is that to be found someone
(Frontier) who have the real big power to
support this war so we can continue.
Now days a 95% of mails include SPAM from MEDs
Most of the sites try to put in your pc a troj
or some other bull… so they can get your INFO
and SPAM you later…
No trust anymore….