Spamhaus reports that spammers have hijacked IP addresses assigned to the wife of the Egyptian President Hosni Mubarak.

Spammers have control of thousands of IP addresses assigned to the wife of Egyptian President
Hosni Mubarak and the science center that bears her name.
According to the Spamhaus Project, spammers
hijacked IP addresses assigned to Suzanne Mubarak and the Suzanne Mubarak
Science Exploration Center. The move is typical of spammers trying to get their
hands on Internet address space that has not been blacklisted, security pros
told eWEEK.

"Spammers hijack IP address space to be able to use IPs that are not...listed as having
been used for spam, so that their spam has a greater chance of being
delivered," said Mike Geide, senior security researcher for Zscaler. "IP
address hijacking by spammers does occur regularly. It also occurs on
occasion from accidents/misconfigurations."

Another noteworthy IP address hijacking example was when Pakistan accidentally hijacked
YouTube's address space when they set up route statements to "black hole"
YouTube's address space, Geide said.

"The route propagated in BGP [Border Gateway Protocol] to the global routing table and all
Internet traffic destined to YouTube's address space went to Pakistan," he
said.

Spamhaus identified suspected spammer Michael Lindsay and his company iMedia Networks as
being in control of the Egyptian IP addresses. Egypt's weeklong Internet outage
came to an end today around 5:30 a.m. EST, according to Arbor Networks, when
Egyptian Internet traffic returned to near-normal levels.

"While other countries, including Iran and Myanmar, experienced telecommunication
disruptions following social unrest in the past, the Egyptian outage represents
a new Internet milestone," blogged Craig Labovitz, chief scientist at Arbor Networks.
"For the region, Egypt enjoys one of the largest and most robust Internet
infrastructures with four major national providers and a hundred or more
smaller consumer and Web-hosting providers. Put simply, we have never seen a
country as connected as Egypt completely lose Internet connectivity for such an
extended period. Also as a sign of the growing importance of social media, and
Web sites, it is telling that the Egyptian telecommunications block largely
focused on the Internet - mobile and fixed-line service returned earlier in the
week."

Unsurprisingly, Egyptian spam dropped as the country dropped off of the Internet. According to
Symantec, historically Egypt has accounted for around one-tenth of a percent of spam in terms of
country of origin.

"For the first question, spammers do their best to bypass anti-spam services. One of the
first obstacles the spammer faces is IP reputation-based filtering," said Eric
Park, abuse desk analyst for Symantec. "So it makes perfect sense for
spammers to hijack the IP space as it will essentially bypass IP
reputation-based filtering - at least temporarily. Spammers also achieve the
same thing by hijacking Webmail and sending messages through popular messaging
services.