<fair use>
From: Steve Linford <linford@spamhaus.org>
Newsgroups: news.admin.net-abuse.email
Subject: Spammers release virus to attack Spamhaus.org
Date: Sun, 02 Nov 2003 20:56:59 +0000
Organization: The Spamhaus Project
FOR IMMEDIATE RELEASE
Spammers release virus to attack Spamhaus.org
A new virus released by spammers on Saturday 1st November is infecting
computers worldwide, and this time the purpose of the virus is to attack
www.spamhaus.org,
http://www.spamcop.net and www.spews.org. The W32/Mimail-E
virus is the latest in a string of viruses, each one released by
spammers for the purpose of creating a vast worldwide zombie network of
spam-sending machines and building an attack network consiting of
hundreds of thousands of virus-infected zombie computers with which the
spammers then attack anti-spam organizations.
W32/Mimail-E is designed to infect millions of computers causing them to
each begin making overwhelming amounts of bogus requests to
Spamhaus.org's web server, www.spamhaus.org, and also attacks the web
servers of
http://www.spamcop.net and www.spews.org.
Spamhaus began coming under massive distributed Denial of Service (dDoS)
attacks in July 2003, soon after the release of the SoBig.E virus and
the Fizzer virus. In June Spamhaus stated that spammers had now moved
from simple spamming through open proxies to actually manufacturing and
sending out viruses to create a network of spam proxies, infecting
hundreds of thousands of mainly home-user machines on broadband (ADSL)
lines.
Fizzer (W32/Fizzer-A) in particular is a wide-spread worm which spreads
by emailing itself to contacts in Microsoft Outlook and Windows address
books. The purpose of Fizzer is to install a minature web server (which
the spammers then use to host "make-penis-fast" web sites on) and a DoS
attack tool specifically for attacking anti-spam organizations. In
August and September 4 anti-spam systems were forced into closure under
overwhelming dDoS attacks that hit them for weeks at a time.
Spamhaus itself was subjected to the same intense dDoS attacks for 3
months but survived thanks to its large distributed network capable of
absorbing attacks. Still, expecting more attacks, and with no
intervention by Law Enforcement, in mid September we moved the Spamhaus
web site behind an anti-dDoS device known as iSecure supplied by Melior
CyberWarefare Defence (
http://www.ddos.com) and can therefore now withstand the
waves of dDoS attacks.
Spamhaus does know the two groups of spammers and teenage crackers
behind the dDoS attacks, and we know the same groups are involved in the
creation and sending of the viruses. We know who and where they are and
will be releasing our information on them in a week's time to focus
press on them in order to speed up their apprehension.
--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org</fair use>