Subject: Spammers release virus to attack Spamhaus.org
Date: Sun, 02 Nov 2003 20:56:59 +0000
FOR IMMEDIATE RELEASE
Spammers release virus to attack Spamhaus.org.
A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.spamhaus.org, www.spamcop.net and www.spews.org. The W32/Mimail-E virus is the latest in a string of viruses, each one released by spammers for the purpose of creating a vast worldwide zombie network of spam-sending machines and building an attack network consisting of hundreds of thousands of virus-infected zombie computers with which the spammers then attack anti-spam organizations.
W32/Mimail-E is designed to infect millions of computers causing them to each begin making overwhelming amounts of bogus requests to Spamhaus.org's web server, www.spamhaus.org, and also attacks the web servers of www.spamcop.net and www.spews.org. Spamhaus began coming under massive distributed Denial of Service (dDoS) attacks in July 2003, soon after the release of the SoBig.E virus and the Fizzer virus.
In June Spamhaus stated that spammers had now moved from simple spamming through open proxies to actually manufacturing and sending out viruses to create a network of spam proxies, infecting hundreds of thousands of mainly home-user machines on broadband (ADSL) lines. Fizzer (W32/Fizzer-A) in particular is a wide-spread worm which spreads by emailing itself to contacts in Microsoft Outlook and Windows address books. The purpose of Fizzer is to install a miniature web server (which the spammers then use to host "make-penis-fast" web sites on) and a DoS attack tool specifically for attacking anti-spam organizations. In August and September 4 anti-spam systems were forced into closure under overwhelming dDoS attacks that hit them for weeks at a time.
Spamhaus itself was subjected to the same intense dDoS attacks for 3 months but survived thanks to its large distributed network capable of absorbing attacks. Still, expecting more attacks, and with no intervention by Law Enforcement, in mid September we moved the Spamhaus web site behind an anti-dDoS device known as iSecure supplied by Melior CyberWarefare Defence (www.ddos.com) and can therefore now withstand the waves of dDoS attacks. Spamhaus does know the two groups of spammers and teenage crackers behind the dDoS attacks, and we know the same groups are involved in the creation and sending of the viruses. We know who and where they are and will be releasing our information on them in a week's time to focus press on them in order to speed up their apprehension.
Steve Linford
The Spamhaus Project
http://www.spamhaus.org