Computer Cops
CyberCrime: Denial of Service: Spywareinfo Hacked By Meanies!
Tank863 writes "

Spyware Info, Tom Coyote, and Merijn.org (Update)

I received this in an email from lockergnome and thought that it would be useful here.
By Meryl K. Evans
February 23, 2004

I talked with Mike Healan, the editor of SpywareInfo, a resource providing the latest spyware threats, forums, and links to related articles and information so that your system can stay free and clean.

Mike has a dedicated server in Atlanta which hosts spywareinfo.com/net/org, merijn.org, tomcoyote.org, dogreader.com and mikehealan.com. On Feb 6, there were a few sporadic DDoS attacks that were easily filtered out.

On Feb 11th about 8am, several hundred PCs infected with some sort of trojan started hammering the server with bogus traffic to port 80 (HTTP). Mike's Web host started blocking IPs trying to open too many connections and brought the server up. 10 minutes later, 2,000 more PCs hit the server and knocked it down again. The data center started blocking wide ranges of IP addresses and stopped the attack again. They attacked again after that and the data center finally firewalled the IP address of the server.

On Feb 12, we switched IP addresses and brought the server back up. 2,000 - 3,000 PCs brought the server down again about 15 minutes later and the data center firewalled the new IP address at port 80 (HTTP). That's why Mike's e-mail works, but not the site.

On the 13, Mike moved tomcoyote.org to hostpc.com and merijn.org to xblock.com. He put out a newsletter using tomcoyote.org explaining what was going on and asking for some donations to help cover costs. The next day, several thousand PCs attacked merijn.org and knocked down merijn and xblock. Several thousand more hit tomcoyote.org and knocked it down along with one of hostpc's servers. Both sites are still down, xblock is back up, and the status of hostpc is up in the air.

On Feb 18, the crew put up two proxy servers that pulled data from the server in Atlanta and used a round robin DNS failover system to load balance traffic between the two proxies. Spywareinfo was running again and dogreader was partially working the next day. The bad guys hit the servers with about 2,000 PCs and the proxies lasted about 36 hours before they were knocked offline. Both servers have been shut down by their data centers.

On the 19th, the meanies also attacked Net-Integration.net, which hosts the support forums for Spybot S&D. A lot of the moderators and helpers at SWI are also admins or moderators for that support board. N-I is back up.

That's where they currently stand.

Starting tonight or tomorrow (hopefully), spywareinfo will have dozens (maybe hundreds) of redundant proxy servers provided by a new corporate sponsor (that can't be named yet). They will provide however many servers and IP addresses it takes to keep the site running in exchange for a newsletter plug and an ad on the main site.

At this point, we don't know who is responsible or what they're using. There is a suspect, but we can't prove it yet.

One guy wrote to say his firewall was logging an enormous number of connections to Mike's site and he couldn't figure out why. He contacted Norton's tech support and they said they were also showing something making connections to his site, so we may be about to get our hands on whatever they are using.

He has been in touch with the FBI about this, but they're playing phone tag. Unfortunately, he's used up $2,500 so far, hostpc about $1,400, xblock at least $2,000, plus some losses for their other customers on their server. Lord knows what it's going to cost overall.

Mike appreciates all the support from his readers and from other antispyware companies. Donations (or plug [email protected] into paypal) are appreciated as these are free resource sites that have to pay their bills like everyone else.

Thanks to Chance for bringing the situation to my attention.

"
Posted on Monday, 23 February 2004 @ 19:37:58 EST by phoenix22