Spammers Grab IP Space Assigned to Egyptian President's Wife

 
 
By Brian Prince  |  Posted 2011-02-02
 
 
 

Spammers have control of thousands of IP addresses assigned to the wife of Egyptian President Hosni Mubarak and the science center that bears her name.

According to the Spamhaus Project, spammers hijacked IP addresses assigned to Suzanne Mubarak and the Suzanne Mubarak Science Exploration Center. The move is typical of spammers trying to get their hands on Internet address space that has not been blacklisted, security pros told eWEEK.

"Spammers hijack IP address space to be able to use IPs that are not...listed as having been used for spam, so that their spam has a greater chance of being delivered," said Mike Geide, senior security researcher for Zscaler. "IP address hijacking by spammers does occur regularly. It also occurs on occasion from accidents/misconfigurations."

Another noteworthy IP address hijacking example was when Pakistan accidentally hijacked YouTube's address space when they set up route statements to "black hole" YouTube's address space, Geide said.

"The route propagated in BGP [Border Gateway Protocol] to the global routing table and all Internet traffic destined to YouTube's address space went to Pakistan," he said.

Spamhaus identified suspected spammer Michael Lindsay and his company iMedia Networks as being in control of the Egyptian IP addresses. Egypt's weeklong Internet outage came to an end today around 5:30 a.m. EST, according to Arbor Networks, when Egyptian Internet traffic returned to near-normal levels.

"While other countries, including Iran and Myanmar, experienced telecommunication disruptions following social unrest in the past, the Egyptian outage represents a new Internet milestone," blogged Craig Labovitz, chief scientist at Arbor Networks. "For the region, Egypt enjoys one of the largest and most robust Internet infrastructures with four major national providers and a hundred or more smaller consumer and Web-hosting providers. Put simply, we have never seen a country as connected as Egypt completely lose Internet connectivity for such an extended period. Also as a sign of the growing importance of social media, and Web sites, it is telling that the Egyptian telecommunications block largely focused on the Internet-mobile and fixed-line service returned earlier in the week."

Unsurprisingly, Egyptian spam dropped as the country dropped off of the Internet. According to Symantec, historically Egypt has accounted for around one-tenth of a percent of spam in terms of country of origin.

"For the first question, spammers do their best to bypass anti-spam services.  One of the first obstacles the spammer faces is IP reputation-based filtering," said Eric Park, abuse desk analyst for Symantec. "So it makes perfect sense for spammers to hijack the IP space as it will essentially bypass IP reputation-based filtering-at least temporarily. Spammers also achieve the same thing by hijacking Webmail and sending messages through popular messaging services.

 


Rocket Fuel