The Spamhaus Project

news

Spammers Release Virus to Attack Spamhaus.org

by The Spamhaus TeamNovember 02, 20032 minutes reading time
Threat intelligence
Malware
Spam
DDoS

A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. The W32.Mimail.E virus is the latest in a string of viruses, each one released by spammers for the purpose of creating a vast worldwide network of spam-sending machines and building an attack network consisting of hundreds of thousands of virus-infected zombie machines with which the spammers then attack anti-spam organizations.

W32.Mimail.E is designed to infect computers worldwide causing them to each begin making overwhelming amounts of bogus requests to Spamhaus.org's web server, www.spamhaus.org, and also attacks the web servers of www.spamcop.net and www.spews.org.

Spamhaus began coming under massive distributed Denial of Service (dDoS) attacks in July 2003, soon after the release of the SoBig.E virus and the Fizzer virus (W32.HLLW.Fizzer). In June Spamhaus stated that spammers had now moved from simple spamming through open proxies to actually manufacturing and sending out viruses to create a network of spam proxies, infecting hundreds of thousands of mainly home-user machines on broadband (ADSL) lines.

Fizzer (W32.Fizzer-A) in particular is a very wide-spread worm which spreads by emailing itself to contacts in Microsoft Outlook and Windows address books. The purpose of Fizzer is to install a minature web server on which spammers then host typically "pills & porn" sites, an IRC backdoor, and a DoS attack tool specifically for attacking anti-spam organizations. In August and September 4 anti-spam systems were forced into closure under overwhelming dDoS attacks that hit them for weeks at a time.

Spamhaus itself was subjected to the same intense dDoS attacks for 3 months but survived thanks to its large distributed network capable of absorbing the attacks. Still, expecting more attacks, in mid September we moved the Spamhaus web site behind an anti-dDoS device known as iSecure supplied by Melior CyberWarfare Defence (www.ddos.com) and can therefore now withstand the waves of dDoS attacks.

Help and recommended content

See below for helpful articles and recommended content

Using OMI on Microsoft Azure? Here's an update you need to read

An easy-to-exploit security vulnerability that allows remote code execution (RCE) on virtual machines where Open Management Infrastructure (OMI) is installed has been observed. Users need to take action.

Threat intelligence
Compromised
News • September 28, 2021 • The Spamhaus Team

Suspicious network resurrections

***UPDATE** Dec 1st 2020: A big thank you to Telia Carrier, Hurricane Electric and GTT for taking swift and positive action in shutting down the related announcements.* We believe there is a serious issue relating to the equivalent of 56 “/20” networks, with a corresponding 230k IPv4 addresses. The total...

Threat intelligence
BGP
News • November 25, 2020 • The Spamhaus Team

Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs

Internet harassment is becoming an increasingly ugly and widespread issue, and over the weekend of August 13-14 it spilled into territory we could do something about. After a few weeks of low level activity, over that weekend some unknown cyber criminals launched a targeted attack on over 100 government email...

Threat intelligence
Deliverability
News • September 16, 2016 • The Spamhaus Team
Home
Home
...
Home