Path: g2news1.google.com!news4.google.com!out03a.usenetserver.com!news.usenetserver.com!in04.usenetserver.com!news.usenetserver.com!news-in-02.newsfeed.easynews.com!easynews.com!easynews!sn-xt-sjc-03!sn-xt-sjc-10!sn-xt-sjc-01!sn-post-sjc-01!supernews.com!news.supernews.com!linford From: Steve Linford Newsgroups: news.admin.net-abuse.email Subject: Re: Spamhaus Under Another DDOS? Date: Thu, 07 Jun 2007 09:04:19 +0200 Organization: The Spamhaus Project Message-ID: References: <1181173113.047139.239730@d30g2000prg.googlegroups.com> User-Agent: MT-NewsWatcher/3.5.2 (Intel Mac OS X) X-Complaints-To: abuse@supernews.com Lines: 25 Spamhaus's web servers came under a DDoS attack starting yesterday at just after 21:00 GMT. The attack is being carried out by the same people responsible for the BlueSecurity DDoS last year, using the Storm malware. The attack method was sufficiently different to previous DDoS attacks on us that some of it got through our normal anti-DDoS defenses and halted our web servers. At 02:00 GMT we got the attack under control and our web servers are now back up, www.spamhaus.org is running again as normal. The attack is ongoing, but it's being absorbed by anti-DDoS defenses. Also under attack by the same gang are SURBL and URIBL. Storm is the 'nightmare' botnet, capable of taking out government facilities and causing much mayhem on the internet. It has 3 functions; sending spam, fast-flux web and dns hosting mainly for stock scams, and DDoS. There is a hefty international effort underway by cyber-forensics teams in a joint effort by law enforcement and private sector botnet and malware analysts to trace the perpetrators. -- Steve Linford The Spamhaus Project http://www.spamhaus.org