In the Fight Against Spam E-Mail, Goliath Wins Again

From the Washington Post

Eran Reshef had an idea in the battle against spam e-mail that seemed to be working: he fought spam with spam. Today, he'll give up the fight.

Reshef's Silicon Valley company, Blue Security Inc., simply asked the spammers to stop sending junk e-mail to his clients. But because those sort of requests tend to be ignored, Blue Security took them to a new level: it bombarded the spammers with requests from all 522,000 of its customers at the same time.

That led to a flood of Internet traffic so heavy that it disrupted the spammers' ability to send e-mails to other victims -- a crippling effect that caused a handful of known spammers to comply with the requests.

Then, earlier this month, a Russia-based spammer counterattacked, Reshef said. Using tens of thousands of hijacked computers, the spammer flooded Blue Security with so much Internet traffic that it blocked legitimate visitors from going to Bluesecurity.com, as well as to other Web sites. The spammer also sent another message: Cease operations or Blue Security customers will soon find themselves targeted with virus-filled attacks.

Today, Reshef will wave a virtual white flag and surrender. The company will shut down this morning and its Web site will display a message informing its customers about the closure.

"It's clear to us that [quitting] would be the only thing to prevent a full-scale cyber-war that we just don't have the authority to start," Reshef said. "Our users never signed up for this kind of thing."

Security experts say the move marks a disheartening development in the ongoing battle by computer users, online businesses and law enforcement against those who clutter e-mail inboxes with a continuous glut of ads for drugs, porn and get-rich-quick schemes. According to Symantec Corp., maker of the popular Norton antivirus software products, more than 50 percent of all e-mail sent in the latter half of 2005 was spam.

Alan Paller, director of research for the Bethesda-based SANS Institute, a computer security training group, said extortion attacks have exploded in the past few years. With Blue Security, Paller said, the attackers' extortionist demands were that the company merely stop interfering in a multimillion-dollar spam operation.

"We're hearing from federal law enforcement that they are getting more than one new case of online extortion each day," Paller said. …