Did Blue Security / Bluefrog make a difference?

Blue Frog, we will miss you.

I don't know about you folks, but it seems to me that things are starting to get worse out there. Ever since Blue Security was forced to close their doors and give up on their Blue Frog project, the amount of spam has increased.

For those of you not familiar with Blue Security, they produced a program called Bluefrog, which was, in essence, a DDoS (Distributed Denial of Service) tool designed to fight spammers by flooding them with unsubscribe requests. It was successful, as it worked to shut down spammers by clogging the servers they relied on for their business. A decent article about Blue Frog is found here on Wikipedia.

Here's my latest chart, with a couple of special dates marked:


As you can see here, the amount of spam being detected by the Piratefish spiked just after the yellow bar - that was around May 1st, when the attack against Blue Security began. Following this attack, things began to let up a little bit, until Blue Security shut down (the red bar).

Thus far, in the 2 weeks following the shutdown of Blue Security, the amount of spam seems to be consistently much higher than the previous months.

Unlike other charts where the numbers reduce on weekends as people are using email less, looking at this chart we see that the percentage of spam versus non-spam goes much higher on weekends due to people having that much less legitimate email. The tallest spikes are the Saturdays and Sundays on this chart. What really counts is the hump between the spikes - that's the amount of spam people see during the work-week.

Ever since Blue Security has been taken out of the picture, it would appear that the number of spams seen every day has gone up a tad bit, and I don't think it's going to get any better.

Besides helping folks deploy their Piratefish to help stop this flood from getting in, my best advice to all of you is to make sure that you control all outbound traffic on port 25. If you run a firewall and have a rule that says "anyone-inside -> anyone-outside with any protocol, permit" just remember that you could well be contributing to the spam problem. Egress filtering at the firewall is the best way to prevent trojaned PCs from being the pawns of the Spammers.

If anyone wants to know more about egress filtering, just give me a holler. It's important to make sure your firewall works in both directions, and not just blocking inbound traffic. Blocking inbound is easy. Controlling outbound is critical to security - and to stopping spam.
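
One way to check whether outbound port 25 is actually under control, as an added example that is not part of the original post: a Python script that scans firewall connection logs for internal hosts, other than the approved mail relay, opening TCP/25 connections to the outside. The key=value log format, the 10.0.0.0/8 internal range and the relay address 10.0.0.25 are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the post): internal range and the only host allowed to send mail out.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_RELAYS = {ipaddress.ip_address("10.0.0.25")}

# Constructed sample log, loosely modelled on key=value firewall log lines.
SAMPLE_LOG = """\
May 20 09:01:11 fw IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=203.0.113.10 PROTO=TCP SPT=41000 DPT=25
May 20 09:01:12 fw IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=198.51.100.7 PROTO=TCP SPT=1045 DPT=25
May 20 09:01:12 fw IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=198.51.100.99 PROTO=TCP SPT=1046 DPT=25
May 20 09:01:13 fw IN=eth1 OUT=eth0 SRC=10.0.4.17 DST=203.0.113.77 PROTO=TCP SPT=1047 DPT=25
May 20 09:02:40 fw IN=eth1 OUT=eth0 SRC=10.0.9.3 DST=192.0.2.80 PROTO=TCP SPT=52000 DPT=443
May 20 09:03:05 fw IN=eth1 OUT=eth1 SRC=10.0.4.30 DST=10.0.0.25 PROTO=TCP SPT=3300 DPT=25
May 20 09:04:19 fw IN=eth1 OUT=eth0 SRC=10.0.7.8 DST=192.0.2.25 PROTO=TCP SPT=2210 DPT=25
May 20 09:05:00 fw IN=eth1 OUT=eth0 SRC=not-an-ip DST=192.0.2.1 PROTO=TCP SPT=1 DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def find_unapproved_smtp(log_text):
    """Count outbound TCP/25 connections per internal host that is not an approved relay."""
    offenders = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not SMTP
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        if outbound and src not in APPROVED_RELAYS:
            offenders[str(src)] += 1
    return offenders

if __name__ == "__main__":
    for host, count in find_unapproved_smtp(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct outbound SMTP connection(s)")
```

Any host this reports is one the firewall should be denying on port 25; a workstation with many hits to different destinations is worth checking for a trojan.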
