Spammers beware -- avenging amphibians are once again rising against you.
First there was Blue Frog, a community antispam effort that stopped operating last week after Blue Security, the company that started the project, came under a withering denial-of-service attack.
Out of the ashes comes Black Frog, part of a project that is apparently willing to become a flag bearer in the fight against spam. The project, dubbed Okopipi, is developing the Black Frog antispam software and service as an open-source project, according to the group's wiki.
"This project aims to become a distributed replacement of antispam software Blue Frog," the Okopipi wiki states.
Blue Security waged a sort of do-it-yourself spamming campaign against the spammers. It said that more than 500,000 customers downloaded its Blue Frog software, which automatically sent replies back to mass emails. If all of these customers' systems responded, the spammers' systems would be overwhelmed.
But the Web sites of Blue Security and some of the company's partners were knocked out last month by a massive distributed denial-of-service (DDoS) attack. In such an attack, scores of computers try continuously to log on to Web sites in an effort to overtax the servers.
Okopipi's battle plan is to avoid depending on a centralised server, creating a target too big to be taken out by a single DDoS attack.
"It will be based on a P2P network (the frognet)," according to a posting on the wiki. "On failure to connect it could still opt out given email addresses."
Participants will send reports of spam emails to Okopipi, which will use "handlers", including dedicated servers, to analyse it. To avoid suffering the same fate as Blue Security, Okopipi's staff will not disclose information about its servers.
"Only the Okopipi administrators will know their locations," the group said on its wiki. This should make a DDoS attack "very difficult", it said.
The Okopipi wiki said the Black Frog software will set participants' systems to automatically click the "opt-out" or "unsubscribe" links contained within spam -- sending a response to the mailers. The software is still being developed.
Richi Jennings, an analyst at security research company Ferris, said any attempts by Okopipi to duplicate Blue Security's strategy of fighting fire with fire are misguided.
"The project should also take care not to cross the line from legitimate spam complaints to attacking spammers using DDoS-like techniques," Jennings wrote on a posting to Ferris's Web site.
Talkback
Gee, great article.... No Url, No Web site. Nothing but a blurb.
I guess Ziff Davis still thinks they are publishing on paper.
How about a link nextime?
Here it is: http://wiki.okopipi.org/wiki/Main_Page
So this all boils down to a question: Will such an attempt be successful?
Right now, spamming "works" because of two reasons:
1. The cost of distributing thousands of emails is very small, made smaller by the "zombie networks" of hacked, unpatched machines (typically home Windows users who leave thier machines connected to the Internet 24/7 and have no clue about security).
2. There are people dumb enough to buy their stuff.
The idea behind Black Frog is to flood the spammers with so many fake requests that they can not tell ligitimate ones from fake, so they have to spend the time and energy (which equals money) to make their profits, which nor invalidates condition #1: Spam is cheap.
I'm not so sure this is the best route. Personally, I believe the best approach is to work on the zombie networks. If an ISP detects a large amount of spam-like mail coming from a client, they should cut that client off until they have the appropriate software installed (firewall, virus detection, etc). Of course, ISP's don't like that since now they have irate customers and have to spend more money getting their customers secure.
Odds are, a combination of the two will be the best defense, but I expect that until people are simply wise enough to ignore spam, it will always be a problem. [sarcasm]Well, that and everyone getting a Mac would help reduce zombie networks.[/sarcasm] (Note the sarcasm tags - this isn't an invitation for flame wars and trollish comments - just suppose to be a joke.)
Hi guys,
Sorry for not adding that link to the Okopipi site earlier - thanks for flagging it up.
Cheers
Graeme
"Richi Jennings, an analyst at security research company Ferris, said any attempts by Okopipi to duplicate Blue Security's strategy of fighting fire with fire are misguided."
Of course. The proper way to fight fire is with orbital bombardment. Blue Security's approach was a decent attempt, though, and hopefully this will be another step in the right direction.
Best of luck to the avenging amphibians.
Opt-Out messages being called a form of DDOS regardless of how they are generated, as long as they still represent a 1 to 1 spam to opt-out message ratio is not an attack, but rather merely a blow for blow defense. The DDOS attack is just blowback from the spammer using ridiculous means to market their crap.
What a sloppily researched article.
1. The Blue Frog software was NOT "designed to crash spammers' servers." It was an automated way to sent opt-out requests, one request per spam received. There was never any intention to crash anything.
Crashing is what the criminal spammers did in response to Blue Frog's legal and ethcial software.
2. There is no plan for any software named Black Frog. There was a Black Frog project for a few days, but it merged early on with the Okopipi project.
The software that comes out of the Okopipi project is likely to be called -- Okopipi. Duh.
>Blue Frog software, which automatically sent replies back to mass emails<
Actually, they attacked the landing page, usually the order form, filling in each line with the "opt-out text." Of course, on submit, the form - absent a valid credit card - would error out. Thus, it was a pretext for launching a DDoS.
My problems with Blue Frog were primarily based on the notion that fighting abuse with abuse is a very bad idea.
( http://tqmcube.com/abusive.php ) I also found that Blue Security was disingenuous. An analysis of some of the numbers is here: http://tqmcube.com/bluefrog.php
My problem with Okopipi is that it lacks proof of concept. Nobody really knows if Blue Frog was effective. There is a general acceptance that it must have been effective to have engendered a DDoS attack. That "logic" is spectacularly flawed.
waiting on Okopipi