AlphaCentauri
SIRT Handler Premium Member
Joined: Nov 20, 2003 Posts: 2851
Posted: Sun May 07, 2006 6:20 am Post subject: New spam alert
I just received a new spam with a Hotmail address in the From but a Kornet IP number:
Skybox Security Solutions
Simulated DDoS Network Attacks and Network Intrusions
Customer Challenge:
Large corporations often hire consultants to conduct quarterly penetration (DDoS)
testing on specific segments of their corporate network. This testing can cost over
hundreds of thousands of dollars, and also exposes the network to many potential
disruptions. These disruptions are the result of the intense DDoS attacks testers
can impose on live networks in order to isolate vulnerabilities and weaknesses.
Since the network is constantly changing, and DDoS attacks are rarely dispersed
from a centralized location, the penetration test results often become nullified and
end up being limited to a small portion of the total network.
The Skybox Solution:
Skybox Security performs accurate and non-intrusive DDoS attacks across a larger
portion of the corporate network. The tests are modeled and analyzed through an
automated process via our large botnet network rather than manually performed on a
live network. As a result, the tests are repeated rigorously on a scheduled basis
without any fear of network disruption. Through DDoS attack and access simulation,
vulnerability exposures as well as security control weaknesses are revealed instantly.
DDoS attack simulation discovers all possible attack scenarios and reveals the step
by step process that an attacker or worm may follow. It illustrates specific vulnerabilities
to be exploited and network access traversed for each exploitable path. Access simulation
calculates network access privileges determined by firewall and routing configuration.
Our botnet helps characterize the interconnectivity between any two given points, reporting
not just whether access is possible, but also the detailed path to reach a final destination.
Based on these combined results, security personnel are able to determine what additional
DDoS attacks are necessary and where to deploy our organizations penetration testers.
Awards:
Info Security - Info Security Hot Companies 2006
The Wall Street Journal - One of the most innovative companies in 2005
Information Security Magazine - Product of the year
Network Magazine - Most Visionary Security Product
Network Magazine - Best of the Best in all categories
Secure Enterprise Magazine - Editor's Choice
Gartner - " Cool Vendor " in the security & privacy space
SC Magazine Awards 2006 Winner - The Best Security Solution for Financial Services
IM2005 Award finalist - Information Security and Product of the Year
Company Profile:
Eran Reshef
Founder, Chairman & CEO of Blue Security ( www.bluesecurity.com )
A serial entrepreneur, Eran is currently the founder, chairman & CEO of Blue Security,
the do-not-disturb registry pioneer. Prior to Blue, Eran co-founded Skybox Security and
served as its Chairman. Prior to Skybox Eran founded and managed Sanctum (acquired
by WatchFire), the leader in web application security. Eran holds a variety of security-
related patents that are based on his inventions.
Rina Shainski
General Partner at Carmel Ventures ( www.carmelventures.com )
Following a successful career leading business development and R&D operations in
high-growth software companies, Rina has been investing in software companies ever since.
Before joining Carmel she served as the VP Business Development at Clal Industries and
Investments where she was responsible for software investments. From 1989 to 1996, Rina
held several managerial positions in Tecnomatix including VP Business Development and
R&D Director. Rina serves on the boards of Followap Communications, Skybox Security,
mFormation and Silicon Design Systems. Rina holds a B.Sc. degree in Physics from Tel
Aviv University and a Master of Science degree in Computer Science from Weizmann Institute.
Contact Information:
2077 Gateway Place, Suite 550
San Jose, California 95110 USA
Phone: 866-6SKYBOX
Phone: 408 441 8060
Fax: 408 441 8068
Regional Offices (Israel)
60 Medinat Hayehudim St.
P.O.Box 4109
Herzliya Pituach 46140 Israel
Phone: +972-9-9545922
Fax: +972-9-9545933
I suppose if it weren't in the convoluted style of PRWire, it might mean to say Blue Security does DDoS's to protect the world from DDoS's.
Another odd thing: it had my email address in the headers (the "Received from ...for..." line) but had a nonsense address at the same domain name in the To line. I don't understand how that is done.
Also, I have Verizon. They block everything from Asia unless the ISP begs on its knees to be allowed to send emails to Verizon users. How did this get through?
Anyway, another line in my filter for killthem spam, and off to spamcop. This one is going to Brightmail and Verizon, too.
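
The header mismatch asked about in the post above follows from how SMTP works: delivery is driven by the envelope recipient (`RCPT TO`), which the receiving server may record in the optional `for` clause of its Received header, while To: is only text inside the message. The sketch below is an added example, not part of the original thread; the message, domains, IP ranges and the `EXPECTED_NETS` table (a hypothetical offline stand-in for an SPF lookup) are all constructed.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed message using documentation-only domains and IP ranges.
SAMPLE = """\
Received: from unknown (HELO mail.example.net) (203.0.113.45)
\tby mx.recipient.example with SMTP
\tfor <alice@recipient.example>; Sun, 7 May 2006 06:01:12 -0400
From: "Sender" <someone@freemail.example>
To: qzxv81@recipient.example
Subject: constructed test message

body
"""

# Hypothetical stand-in for an SPF lookup so the example runs offline:
# networks each sender domain is expected to relay from.
EXPECTED_NETS = {"freemail.example": ["198.51.100.0/24"]}

FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def analyze(raw, expected_nets=EXPECTED_NETS):
    msg = message_from_string(raw)
    # Only the topmost Received header was written by our own MTA;
    # anything below it is sender-supplied and can be forged.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    m_for, m_ip = FOR_RE.search(top), IP_RE.search(top)
    envelope_rcpt = m_for.group(1).lower() if m_for else None
    relay_ip = m_ip.group(1) if m_ip else None
    hdrs = msg.get_all("To", []) + msg.get_all("Cc", [])
    header_rcpts = {a.lower() for _, a in getaddresses(hdrs) if a}
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    findings = []
    # RCPT TO (envelope) decides delivery; To:/Cc: are just message text.
    if envelope_rcpt and envelope_rcpt not in header_rcpts:
        findings.append("envelope-rcpt-not-in-headers")
    nets = expected_nets.get(from_domain, [])
    if relay_ip and nets and not any(
        ipaddress.ip_address(relay_ip) in ipaddress.ip_network(n) for n in nets
    ):
        findings.append("from-domain-relay-mismatch")
    return {"envelope_rcpt": envelope_rcpt, "relay_ip": relay_ip,
            "from_domain": from_domain, "findings": findings}
```

Bcc copies and mailing-list traffic legitimately show the same envelope/header mismatch, so treat these findings as scoring signals rather than a verdict.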

GTaylor
Private
Joined: May 03, 2006 Posts: 37 Location: USA
Posted: Sun May 07, 2006 6:33 am Post subject:
"do-not-disturb registry"
It's Do-Not-Intrude, man spammers are stupid!
Otherwise, a funny cartooney. Actually made me laugh. BTW - Pharma hasn't increased his batting average, still 1 for 7

yabedude
Trooper
Joined: Sep 09, 2004 Posts: 34 Location: Canada
Posted: Sun May 07, 2006 7:21 am Post subject:
I too received that email, but from a different person and a different IP. I also received several bounced mail presumably BF users with fake addresses.
I wonder how they managed that? By changing the "Contact email address" after validating one or more protected email addresses?

tembow
Blue Angel Premium Member
Joined: Oct 10, 2005 Posts: 2930
Posted: Sun May 07, 2006 8:56 am Post subject:
This is a character assassination attack on Eran Reshef. Because of his association with a company that developed a DDOS attack simulation tool, it is implying that the beta set-up for Blue Security should not have been vulnerable.
So now the attack team is turning really nasty.
Makes you want to throw up
. . .
all over them.
Here is the reason for that email. It is a nasty attempt to smear the credibility of Blue Security's CEO. It tells the reader that Eran Reshef co-founded a company that developed a DDOS simulation tool. The average reader is meant to draw the conclusion that such experience infers that Blue Security should have been prepared with counter-measures for this DDOS attack.
The foul plan to discredit Eran has failed miserably on several counts.
1. Most recipients haven't bothered to read it once they've realized it's more of the same trash as the other Blue Frog targeted spam.
2. Right thinking people can see the difference between the technology for simulating a DDOS attack, and for defending against a DDOS attack. The inference in this nasty spam is therefore invalid, and the spammer has wasted more bandwidth and time.
3. Eran Reshef's reputation in the industry is very strong. This spam has only served to further establish his credentials as a successful visionary. Smear attacks like this bounce like water off a frog's back.
4. People know that Blue Security is still in a beta phase, and did not warrant the high expense of DDOS protection at this stage of development.
5. Victimizing Blue Security has been counterproductive. Huge numbers of newcomers now know of its existence, like what they see, and are joining up.
The hallmark of these attacks on Blue Security are holes in the feet. This is no exception.
Terry Bowden
Last edited by tembow on Tue May 09, 2006 9:07 pm, edited 1 time in total

PCBruiser
SRT Team Lead
Forums Admin
Joined: May 11, 2005 Posts: 11723
Posted: Sun May 07, 2006 2:00 pm Post subject:
I got the same thing from a bot I traced back to Toronto.

127_0_0_1_localhost
Guest IP: 24.179.*.*
Posted: Sun May 07, 2006 2:14 pm Post subject:
I got the same but it actually came to me as a joe job bounce back.
John

M222
Cadet
Joined: May 03, 2006 Posts: 3 Location: USA
Posted: Mon May 08, 2006 12:56 am Post subject:
I've had about four of these messages today. I was joe-jobbed on two of them. MWP caught two as spam, two not. I agree with Terry that this is clearly a guilt-by-association smear against Eran, who is on Skybox's board but is not an officer. I guess the theory is that people who don't want to be spammed are dumb and will see the DDoS references along with Eran's name and think, "Holy Cow, I'd better disaffiliate with the frog people." Talk about a wan hope.
First post from me, so greetings all. I've been following the war in these forums all week. I signed up for the frog about 10 days before killthem/PharmaMaster first went to work, and I have been pleased to see BS bounce back from that nonsense. I think KT/PM has a pretty short future in this game.
This is mixing topics in a single forum, but I think the SMTP reporting is working now, at least from MWP and at least in California. I sent in five spams about four hours ago as a test, and nothing has been bounced.

Mystified
Blue Angel
Joined: May 02, 2006 Posts: 149
Posted: Mon May 08, 2006 1:27 am Post subject:
The current status on spam reporting is:
Partially working- In other words it may work for some, but not others.