There is a new Storm Worm DDoS Attack happening this week against several antispam vendors and support companies.
A number of anti-spam websites came under a distributed denial-of-service attack on January 12, 2007. The trojan responsible for the attack was one of several dropped onto systems infected by a seeding of the email virus which later came to be called "Storm Worm", also W32/Small.DAM and Trojan.Peacomm.
This attack is from the same group that carried out last year's destruction of Blue Security. They are using a variant of the 'Storm Worm' malware and attacking a number of vendors' sites. These attacks use compromised machines (botnets). Typically these machines are Windows computers, usually infected through software downloaded from the Internet.
Steve Linford at Spamhaus.org posted a note on the net-abuse newsgroup about it.
Spamhaus's web servers came under a DDoS attack starting yesterday at just after 21:00 GMT. The attack is being carried out by the same people responsible for the BlueSecurity DDoS last year, using the Storm malware.
The attack method was sufficiently different to previous DDoS attacks on us that some of it got through our normal anti-DDoS defenses and halted our web servers.
At 02:00 GMT we got the attack under control and our web servers are now back up, www.spamhaus.org is running again as normal.
The attack is ongoing, but it's being absorbed by anti-DDoS defenses. Also under attack by the same gang are SURBL and URIBL.
Storm is the 'nightmare' botnet, capable of taking out government facilities and causing much mayhem on the internet. It has 3 functions; sending spam, fast-flux web and dns hosting mainly for stock scams, and DDoS. There is a hefty international effort underway by cyber-forensics teams in a joint effort by law enforcement and private sector botnet and malware analysts to trace the perpetrators.
We at Emerald have been minimally impacted by this through mostly bogus bounce messages to domains owned by our customers. We have not been under direct attack.
Spammers are getting much more sophisticated and are starting to raise the price of being an antispam company. Combating attacks like this requires huge resources from the antispam vendor. This is a pretty scary phase of the war against spam. It makes me wonder where we will be in a few years' time...