Three Web sites that provide spam blocking lists have shut down as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails.

Anti-spam experts said that they think spammers are behind the attacks, although they have no way of proving it.

The technological war comes as Congress considers a federal anti-spam law and California adopts what is widely considered to be the toughest law in the country.

The California law, signed on Tuesday, allows people to sue spammers for $1,000 per unsolicited e-mail and up to $1 million for a spam campaign.

“This definitely marks an escalation in the spam wars,” Andrew Barrett, executive director of The Spamcon Foundation, a spam watchdog group, said of the recent Internet attacks on lists used to block spam.

“Before, it was a guerrilla war … This is the first time we’ve seen (spammers) employ such brazen tactics,” he said.

Anti-spam advocates maintain hundreds of spam block or “black hole” lists, which are Web sites with lists of the numerical Internet protocol addresses of specific computers or e-mail servers that are unsecure or are known sources of spam.

Network administrators and Internet service providers consult the lists and block e-mails coming from those computers as part of their spam filtering techniques.

Two of those spam block lists have shut down after being attacked by denial-of-service attacks, in which compromised computers are used to send so much traffic to a Web site that it is temporarily taken down. The operator of another list shut down fearing a pending attack.

“There seems to be a methodical well-planned attempt to use pre-assembled networks of zombie machines to create sustained denial of service attacks on servers where these block lists run,” said Barrett.

‘HANDWRITING ON THE WALL’ shut down on Monday following a three-day denial of service attack over the weekend and an attack last month that lasted 10 days, list operator Ronald Guilmette said in a posting to an anti-spam news group.

“The handwriting is now on the wall,” he wrote. “I will simply not be allowed to continue fighting spam.”

Spam block list operator also recently shut down its list after a denial of service attack, and on Tuesday the list maintained at Tennessee Internet service provider Compu-Net Enterprises was taken down.

Bill Larson, network administrator at Compu-Net, said in an interview on Thursday that he shut the list down because he was afraid it would be targeted with a denial of service attack.

The company was already being harassed, receiving complaints after attackers sent spam that looked like it was coming from the company’s network and legitimate e-mails were getting bounced, he said.

Experts have speculated that spammers are behind a computer worm, Sobig, that surfaced earlier this year that can turn infected computers into spam relay machines.

“The black hole lists were incredibly effective until the Sobig worm started going out,” Larson said.

While Guilmette complained that ISPs could do more to stop the attacks by taking the attacking computers offline, Larson said anti-spam advocates were considering other options to keep the lists going.

They are talking about having lists that are distributed across numerous computers like in a peer-to-peer network, he said. “That will make it hard, if not impossible, to take them down,” he added.

However, the best solution to the problem is for people to just “not buy the products mentioned in spam” advertisements, Larson added.
More here.