Antispam firm says it was victim of attack

The CEO of an antispam firm whose service was knocked offline by a spammer earlier this week claimed his company was the victim of a sophisticated attack carried out, in part, with the help of someone at a top-tier Internet Service Provider (ISP).

Eran Reshef, CEO of Blue Security Inc., an Israeli antispam firm, said that his company was attacked by a major spammer named PharmaMaster who used a combination of methods to knock out the company's Web site and the servers hosting its services. He also hit back at criticism that the response by Blue Security to the attacks caused widespread problems to others.

Blue Security, which has its U.S. headquarters in Menlo Park, Calif., operates an antispam service designed to deter junk-mailers by spamming them back. Blue Security's Do Not Intrude program allows individuals to register their e-mail addresses with the company and essentially flood spammers who send them e-mail with automated opt-out requests.

The attacks that crippled Blue Service were preceded by PharmaMaster sending out threatening e-mails to subscribers of the Do Not Intrude Registry, warning them of even more spam if they did not withdraw their subscriptions.

PharmaMaster then appears to have gotten someone at a major ISP to block Blue Security's IP address on the Internet's backbone routers, most probably via a process called black-holing, Reshef claimed. With black-holing, an ISP essentially removes the advertised path to a particular Web site or IP address -- making it completely inaccessible to the outside world. According to Reshef, PharmaMaster informed Blue Security that he had gotten an ISP to agree to blackhole the company before the attacks started.

"Immediately, we started seeing our IP address getting blacklisted by other ISPs," Reshef said. As a result, traffic to the company's main Web site dropping from the usual 100 hits per minute to about two per minute in less than an hour -- and nothing at all from outside of Israel. At almost the same time, massive distributed denial of service (DDoS) attacks were launched against the dedicated servers that provide Blue Security's antispam service. The servers, located at five separate hosting provider sites, were bombarded with up to 2GB of traffic per second, rendering them inaccessible.