Blue Security anti-spam community target of large-scale spam attack

Tuesday, May 2, 2006

Beginning Monday morning, many BlueFrog and Blue Security users began receiving an email warning them that if they did not remove their email addresses from the Blue Security registry, they would begin to receive huge amounts of unsolicited email. As quickly as four hours after the initial warning message, some users began to receive an unprecedented amount of spam. Most of the messages were simply useless text. Users reported that Blue Security's website was unavailable or extremely slow in responding.

Blue Security is an online community dedicated to fighting spam. As it became more popular, its member list grew substantially. Each member's email address is encrypted and added to a list of email addresses whose owners wish to stop receiving spam. Blue Security maintains the encrypted list, which uses an encrypted hash function. Spammers are encouraged to remove from their email lists all addresses that are also in Blue Security's Do Not Intrude Registry, using free compliance tools available at Blue Security's web site.
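The registry design described above, sketched as an added example (not Blue Security's code): a list holder who scrubs its own list against a hashed registry learns which of the addresses it already holds belong to members, while the hashes themselves reveal no new addresses. SHA-256, the normalization step and all function names are assumptions; the article does not name the algorithm or the tool's interface.

```python
import hashlib

def registry_hash(address: str) -> str:
    """Normalize an address and hash it.
    SHA-256 and the trim/lowercase rule are assumptions, not from the article."""
    normalized = address.strip().lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

def build_registry(member_addresses):
    """What the registry operator publishes: hashes only, no plaintext."""
    return {registry_hash(a) for a in member_addresses}

def scrub(mailing_list, registry):
    """Compliance step run by a list holder against its own list.
    Returns (kept, removed); 'removed' are addresses found in the registry."""
    kept, removed = [], []
    for address in mailing_list:
        if registry_hash(address) in registry:
            removed.append(address)
        else:
            kept.append(address)
    return kept, removed

# Constructed sample data (not real registry contents).
MEMBERS = ["alice@example.org", "Bob@Example.net"]
SENDER_LIST = ["alice@example.org", "bob@example.net ", "carol@example.com"]

if __name__ == "__main__":
    registry = build_registry(MEMBERS)
    kept, removed = scrub(SENDER_LIST, registry)
    # The registry holds only digests, so it cannot be read as an address list.
    print("plaintext in registry:", "alice@example.org" in registry)
    # 'removed' doubles as a membership confirmation for addresses the
    # list holder already had; nothing is learned about unknown addresses.
    print("kept:", kept)
    print("removed (confirmed members):", removed)
```

The `removed` list is the design trade-off: the same lookup that lets a compliant sender clean its list also tells any list holder which of its existing addresses are registered.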

According to Blue Security's web site, "A major spammer had started spamming our members with discouraging messages in an attempt to demoralize our community. This spammer is using mailing lists he already owns that may contain addresses of some community members." Reportedly, Blue Security has received complaints from users about spam allegedly sent from Blue Security promoting their anti-spam solution and web site.

Blue Security states they are "an anti-spam company determined to fight spam and as such never has and never will send unsolicited email." There are also reports of non-users of BlueSecurity/BlueFrog receiving the warning emails, which now seem to also be going to email addresses of people who have never added their email address to Blue Security's Do Not Intrude Registry.

Warning messages in spam emails

There are several versions of the warning messages; two are copied below:

You are being emailed because you are a user of BlueSecurity's well-known software BlueFrog. (http://www.bluesecurity.com/)

Today, the BlueSecurity database became known to the worst spammers worldwide. Within 48 hours, the database will be published on the Internet, and your email address will be open to them all. After this, you will see the spam sent to your mailbox increase 10 - 20 fold.

BlueSecurity was illegally attacking email marketers, and doing so with your help. Many websites have been targeted and hit, including non-spam sites. BlueSecurity's software has been fully analyzed, and contains an abundance of malicious code. This includes: ability to send mass mail to users; the ability to attack websites with Distributed Denial of Service attack (DDoS); the ability to open hidden doors on any machine on which it is running; and a hidden auto-update code function, which can install anything on your computer and open it up to anyone.

BlueSecurity lists a USA address as their place of business, whereas their main office is in Tel Aviv. BlueSecurity is run by a few Russian-born Jews, who have previously been spamming themselves. When all is said and done, they will be able to run, hide and change their identities, leaving you to take the fall. YOU CANNOT PARTICIPATE IN ILLEGAL ACTIVITIES and expect to get away with it. This email ensures that you are well aware of the situation. Soon, you will be found guilty of computer crimes such as DDOS attacking of websites, conspiracy, and sending mass unsolicited bulk email messages for everything from viagra to porn, as long as you continue to run BlueFrog.

They do not take money for downloading their software, they do not take money for removing emails from their lists, and they have no visible revenue stream. What they DO have is 500,000 computers sitting there awaiting their next command. What are they doing now?

1. Using your computer to send spam ?
2. Using your computer to attack competitor websites?
3. Phishing through your files for your identity and banking information?

If you think you can merely change your email address and be safe while still running BlueFrog, you are in for a big surprise. This is just the beginning...

– email to BlueFrog users

Hey,

You are recieving this email because you are a member of BlueSecurity (http://www.bluesecurity.com).

You signed up because you were expecting to recieve a lesser amount of spam, unfortunately, due to the tactics used by BlueSecurity, you will end up recieving this message, or other nonsensical spams 20-40 times more than you would normally.

How do you make it stop?

Simple, in 48 hours, and every 48 hours thereafter, we will run our current list of BlueSecurity subscribers through BlueSecurity's database, if you arent there.. you wont get this again.

We have devised a method to retrieve your address from their database, so by signing up and remaining a BlueSecurity user not only are you opening yourself up for this, you are also potentially verifying your email address through them to even more spammers, and will end up getting up even more spam as an end-result.

By signing up for bluesecurity, you are doing the exact opposite of what you want, so delete your account, and you will stop recieving this.

Why are we doing this?

Its simple, we dont want to, but BlueSecurity is forcing us. We would much rather not waste our resources and send you these useless mails, but do not believe for one second that we will stop this tirade of emails if you choose to stay with BlueSecurity.

Just remember one thing when you read this, we didnt do this to you, BlueSecurity did.

If BlueSecurity decides to play fair, we will do the same.

Just remove yourself from BlueSecurity, and make it easier on you.

– email to BlueFrog users
