BlueSecurity, BlueFrog & BlueFreaks That Love Them

CastleCops Closes BlueSecurity forum...

2006-05-31T22:11:00.000-04:00

If you want to get your last posts in before they permanently archive the forum over at CC, better make haste.

http://castlecops.com/postx157166-0-0.html

... you have until the 1st of June.

We would like to say thank you to the folks at www.castlecops.com for their kindness in hosting an emergency forum for BlueFroggers.

Thank you!

Blue Frog Security Disaster for each of us... URGENT!

2006-05-17T23:07:00.000-04:00

It is worse than we first thought. The "security" in which we trusted, is SO bad that the link to the main server isn't even encrypted. If it were, this wouldn't be possible:

(Terry, we owe you one!)

From Terry Bowden:

My urgent recommendation. Remove the Blue Frog Application NOW.

Start >
Programs >
Blue Security

Uninstall the plug-in

Uninstall Blue Frog

Or

Control Panel > Add / Remove Programs

Remove Blue Security

Browser > Tools > Extensions > Uninstall the Blue Frog SRT

Do not delay. Do not reinstall.

We have witnessed the destruction of Blue Security from a wave of different attacks. There is good reason to belief that the final wave takes control of the frog to launch both spam attacks and DDOS attacks.

The application was designed as a client, not a server. Blue Frog always polled the "home base" for work, after authenticating. Home base was an IP address, and a system that returned a positive after authentication. Then it sent a queue of tasks to the frog.

THE ATTACKER SAYS If I took over that IP address (a DNS change) I could send back that positive response to the blue frog authentication, and then send scripts to the frog to do anything I like.

TERRY SAYS I hope you followed that. Our much beloved Fred is now not only dead - he is deadly. UNINSTALL NOW.

Terry Bowden

Blue Frog Source-Code Found...

2006-05-17T21:01:00.000-04:00

Thanks to Quxan, one of the terrific fans in the fan-club, we now have the source code.

Download it while you can, if you are so inclined:

http://prdownloads.sourceforge.net/bluefrog/bluefrog-src-1.9.1.1152.tar.gz?use_mirror=surfnet

Thank you Quxan! We owe you one. :-)

Blue Security Hides Blue Frog Source Code...

2006-05-17T20:02:00.000-04:00

Apparently Blue Security doesn't want people to make use of the source code they didn't write in the first place.

The Sourceforge project page for Blue Frog has been stripped of the download section which contained the source code that many programmers are clamoring for.

To deny others the opportunity to carry the torch for free, that they weren't willing to bear for millions of now squandered dollars, seems like adding an unbelievable insult to injury.

One thing is for sure:

Every venture capitalist on the planet now has an idea how these people work. I will bet they have a hell of a time getting future funding for whatever the hell they are planning to do half-way next time.

If anyone has a copy of the source-code, please post in the fan-club.

Un-Install your Blue Frog Client ASAP!

2006-05-17T19:46:00.000-04:00

As posted by: "Captgosnold"

"If you leave our frog client running now that Blue has closed down, it can be abused by hackers to attack whatever website they like."

My comments:

This would explain why so many people are being told by their ISP that they are generating suspicious activity, even after they have cleaned their system with every tool known to man.

As a side note:

You will have to un-install the FireFox extension and possibly the IE extension by hand.

FireFox is easy enough: On the top (file) menu:Tools>Extensions then select the BF tool, and click un-install.

Close and re-open FF, and all should be well.

The IE extension should go away with the main un-installer. If it doesn't, get into the fan-club and ask for help.

Good luck to us all.

Is This The End of The Blue Frog Blog?

2006-05-17T19:40:00.000-04:00

This was written in response to a question asked in the comment section of the blog. The answer is: Not hardly!

We will keep this going until there is at least one better solution realized.

Get into the fan-club if you haven't already and post any news you find.

If there are any other disgruntled fans running fan-sites out there, don't give up! This wasn't about the people running Blue Security... it was about YOU and ME. The Blue Frogs.

I suggest we divorce the two at this point. The Blue Frogs didn't fail. Blue Security did.

We will stay here as long as you care to hear from us.

Blue Security Surrenders... Spammers Win.

2006-05-17T01:44:00.000-04:00

Here it is, right from the source, though a search on google news will show several news items.

Apparently we weren't worth telling.

http://www.bluesecurity.com/

"Blue Security Ceases Anti-Spam Operations

When we founded Blue Security in 2004, we believed that if we automated a way for users to rise up and exercise their rights under the CAN-SPAM Act, we could reduce the amount of spam on the Internet.

Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.

However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against many members of the Blue Community.

After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.

As we cannot build the Blue Security business on the foundation we originally envisioned, we are discontinuing all of our anti-spam activities on your behalf and are exploring other, non spam-related avenues for our technological developments. As much as it saddens us, we believe this is the responsible thing to do.

You need not do anything as a result of this change. We will continue to protect your names and addresses and honor all privacy commitments we made to you.

We have concluded we should not take Blue Security to the full deployment stage we originally planned to achieve, but we are proud of what we have accomplished thus far as a young startup company.

We are extremely proud to have had the chance to work with such a devoted and dedicated community: thank you for the vote of confidence you gave us over the past few months as well as the particularly vocal support you have shown over the last two weeks.

We will be innovating and building our technology in new, other directions and will continue to give back to you, our Community.

Thank you for your support,

The Blue Security Team."

... well that about ties it up.

I don't even know what to say.

Easy fix for BlueFrog servers...

2006-05-11T04:47:00.000-04:00

Hello everyone,

You know, there are only so many things that can go wrong with an outgoing mail server. Along the lines that any gasoline powered engine can be run if it has these things:

Fuel

Air

Spark (At the right time)

Compression

... so too the SMTP server that sends mail only needs a limited numberof things to make it work.

I have written to BlueSecurity through their ticketing system. I gaveseveral possibilities, and explained that I could actually go to theProlexic datacenter and assist them in fixing this if need be.

The delay at this point is costing us all credibility.

If any of you know anyone directly involved, please pass the word. You have willing help, over here waiting for the go-ahead.

Thank you.

Blue Security Server Status

2006-05-08T14:38:00.000-04:00

Myst says:

Hi guys!

For updates regarding the Blue Security servers please watch this page:

http://community.bluesecurity.com/.3c54406d

Thank your support and patience. :-)

BlueFrog Community Server is Back On-Line...

2006-05-06T16:54:00.000-04:00

Here is some more good news:

http://community.bluesecurity.com/

... is up and running. Very, very slowly. You might want to give it an hour or so for the initial rush to die down.

I will see you there.

Freedom is not Free... (From: Eran Reshef)

2006-05-06T16:25:00.000-04:00

This is posted here:

http://www.bluesecurity.com/announcements/Freedom_Is_Not_Free.asp

A message from our CEO, Eran Reshef:

In the last few days, PharmaMaster has order a brutal, vicious attack on our community. We were blackmailed, threatened, spammed DDoS-ed and blackhole filtered. PharmaMaster wants to take away our right to be let alone. We will not let this happen.

On Friday, May 5th, the growing pressure of public opinion generated by our community has shattered PharmaMaster's coalition. Even PharmaMaster's partners understood that ripping apart the Internet is unacceptable. We have been sent a message that the DDoS attacks will be halted, and we can confirm that for the last 12 hours, we have not seen any significant attacks. Our community has a played a vital part in winning this important battle. Thank you for support and hard work!

When we realized the spammer had blocked access to our website to obstruct members from using our service or access our website to receive more information, we performed a series of tests to determine what had happened. These tests clearly indicated that the corporate site was not subject to a DDoS attack since it was accessible from inside Israel and there was no load on the system. These symptoms were in accordance to what the spammer had indicated he would do (i.e. block all traffic to our site from outside of Israel) in an ICQ session.

We must remember that freedom is not free, not in the real world and not in the cyber space. Rest assured that PharmaMaster will do his worst to launch more attacks. Right now, some members are under spam attacks, our current service provider suffers from a massive joe-job, and our intelligence reports indicate a threat of distribution of faked frogs (download frogs only at the official Blue Security's download location).

Our immediate priority is to deter spammers from continuing to attack individual members. The community can rest assured that our right to opt-out will soon be used to the fullest extent permitted under the CAN-SPAM Act. Report your spam, including threat letters, bounce backs and joe-jobs. Your frog will soon be very busy.

Many of you are asking how you can help the cause. Here are some ways you can help thwart PharmaMaster's plans:

Express your opinion by writing a blog item
Periodically search for blog postings or news articles mentioning our struggle and post your opinion
Write or call your representative (US, UK) and express your opinion
Become an affiliate and promote Fred on your site
Help us develop our open-source Fred into a super-Fred
Help forge business relationships between Blue Security and your company
Spread our postings to other sites and discussion groups
Get your friends and family to join the community
Run your frog and report your spam
Express your opinion by writing a blog item

Fred needs you! Help us win the Blue Independence War!

A Time-Line of The Events So Far... (By: Eran Aloni)

2006-05-06T16:19:00.000-04:00

As relayed by: Captgosnold

Captgosnold Says:

"When the community site is available we will update you.

Spam Reporting is NOT yet back online either.

The moderators are in touch with Blue on a nearly continuous basis, and we will update you immediately when things change.

Eran Aloni has released this info about the attack on Blue Security. It straightens out a lot of the misinformation that appeared in the media."

From Eran Aloni:

Recent Attacks Blue Security Starting Monday, May 1st, the Blue Community has been the target of a criminal spammer. This criminal spammer, PharmaMaster, is attempting to deny our community the right to opt-out from his spam messages.

Aside from blackmail emails sent to community members, there were two separate attacks on Blue Security itself. The first attack was to block worldwide access to Blue Security's corporate website (www.bluesecurity.com) by tampering with the Internet backbone using a technique called "Blackhole Filtering". The Second attack was a DDoS attack on Blue Security's operational system.

When we realized the spammer had blocked access to our website to obstruct members from using our service or access our website to receive more information, we performed a series of tests to determine what had happened. These tests clearly indicated that the corporate site was not subject to a DDoS attack since it was accessible from inside Israel and there was no load on the system. These symptoms were in accordance to what the spammer had indicated he would do (i.e. block all traffic to our site from outside of Israel) in an ICQ session.

In order to inform our community of what had happened, we used a previously-existing blog site for the Blue Community which had been host to our corporate website prior to July 2005.

We posted a short blog item to inform our users and other constituents of the situation and how we were working to solve the issue. After the name server had been updated such that traffic to www.bluesecurity.com reached the blog, the blog was active and functioning and many users had posted comments. It was only 40 minutes after the redirection that PharmaMaster decided to launch a DDoS attack on www.bluesecurity.com, now hosted at TypePad.

Blue Security shares the pain of blogs.com's community that was seriously affected PharmaMaster's criminal acts. But, those who blame Blue Security for the attack only further the agenda of PharmaMaster to impose his will on all Internet users.

---

Attack Timeline (All times in GMT)
[May 2nd 13:42 GMT] PharmaMaster Works to Block Traffic to Blue’s Corporate Web Site One of world’s largest spammer’s, ‘PharmaMaster’, sends Blue Security an ]ICQ Message stating that he will block traffic to Blue’s corporate website, www.bluesecurity.com.

ICQ Message: "Support b [tier-1 ISP name withheld] says: Yes wont be a problem, i'll make sure to block all traffic to this domain very soon just get me reports mate" "b [tier-1 ISP name withheld] will block traffic to your websites god i love this war "

[May 2nd 14:47 GMT] BlueSecurity.com Can’t be Accessed Outside of Israel Blue Security receives another ]ICQ Message from PharmaMaster stating that Blue’s corporate Web site cannot be accessed from outside of Israel.
ICQ Message: " bluesecurity.com cant be open from outside of israel oh i feel sorry for the company really "

[May 2nd 15:30 GMT] Blue Security's Dedicated Servers—NOT Corporate Website—Under Attack Blue Security’s operational servers—NOT www.blusescurity.com—suffer from DDoS attacks.

[May 2nd 16:30 GMT] Corporate Website Receives 2 Hits/Min Blue employees notice that there is not load on the corporate website, www.bluesecurity.com (2 hits per minute) and that most visitors originate from Israel.

[May 2nd 17:07 GMT] PharmaMaster Sends Message: Website Can’t be Accessed Around World Blue receives another ]ICQ Message from PharmaMaster stating the company’s corporate Web site can not be accessed around the world.

[May 2nd 20:17 GMT] Blue Performs Technical Analysis: Confirms Website Cannot be Accessed Abroad Blue’s technical analysis team determines that its corporate website can still be accessed from Israel, but cannot be accessed abroad.

[May 2nd 21:17 GMT] Blue Reports More Symptoms: "Blackhole filtering" Confirmed Blue’s operational team reports on more symptoms supporting PharmaMaster's claims that the backbone of the Internet was compromised (blackhole filtering at the backbone level). Still, there is no sign that there was a DDoS attack on Blue’s website.

[May 2nd 22:45 GMT] Blue Security Decides to Update Blue Community Blue Security decides to update the Blue community about the situation by reverting to Blue's pre-launch "Blue Zone" Blog, hosted on Typepad.

[May 2nd 23:20 GMT] BlueSecurity.com Redirected to TypePad www.bluesecurity.com is redirected to Blue Security's blog. Many community members can receive real time information about the attack.

[May 2nd 23:27 GMT] First Comment Posted on the Blue Blog Blog site at TypePad functional. The first comment is posted on the Blue blog by a user.

[May 2nd 23:57 GMT] Last comment Posted on the Blue Blog Before DDoS Begins TypePad blog site still functional. The last comment is posted thirty minutes later on the Blue blog just before the new DDoS attack occurs. (If there had been an initial DDoS attack on Blue’s corporate site, the blog site would have been hit as soon as the DNS was redirected.)

[May 3rd 00:00 GMT] PharmaMaster Starts Attacking Typepad A fierce and ruthless DDoS on Typepad begins. Blue is not aware of the DDoS due to the late hour in Israel (2 AM local time). Typepad continues to carry Blue Security's blog and help Blue keep our community aware of the situation.

[May 3rd 16:43 GMT] PharmaMaster Strikes Again, Takes Down Tucows PharmaMaster starts another attack and takes down Tucows's DNS servers which were serving thousands of sites, including Blue Security's. Tucows terminates Blue Security's account in an attempt to stop the attack.

[May 3rd 23:23 GMT] PharmaMaster Boasts Success Almost 24 hours later, PharmaMaster boasts success in another ICQ Message: pharma master: you know i feel sorry for you and all the world 9000 servers are down because of your company pharma master: world cant resolv pharma master: all the biggest isps been emailed that all this of bluesecurity.com and lets see how they would love you to be able to push trafic from them pharma master: good luck anyway

[May 4th 13:00 GMT] Blue Security partially restores its services Blue Security's web site and some of its operational servers are functioning again. Posted by Eran Aloni May 6, 2006 09:31

From BlueFreak:

Please spread this far and wide to show what happened.

New Spammer Threatening E-mail sent to BlueFrog Users...

2006-05-06T15:27:00.000-04:00

From Fan-Club Member Blue Devil:

Here's the latest e-mail I just received:

"Dear Blue Frog Member,

As a follow-up to our previous emails, and, as promised, we are stepping up in the fight against Blue Security.

The Blue Frog member email database has been compromised, and is currently being distributed worldwide to spammers and to the public. Attached to this email, you will find a zip file of the Blue Frog database, which includes your own personal or business email address(es). If you have not uninstalled Blue Frog yet, we highly suggest you do so now in order to avoid your involvement in this war any further.

Leaving your email address on the Blue Frog list is a risky choice, as we will uphold our promise not only to increase your spam by 20 times the amount you are receiving now, but to continue to make this list publically available as well. Also, as the Blue Frog member database is updated, we will find more creative ways in which to use it, and frequently release it to whomever we wish.

Blue Security, Inc"

Blue Devil Says:

Wouldn't I just love to have 5 minutes alone in a locked room with this MORON. I'm not usually prone to violence but I'd be happy to kick the crap out of this low life! Sorry buddy, but I will NOT be intimidated by your empty and false threats. Now why don't you be a good spammer boy and go play in traffic on the busiest freeway you can find.

----

I Say:

This isn't over folks. You aren't going to get multi-millionaires to roll over and play dead without a fight.

So let's fight.

Discuss this here:

http://castlecops.com/t154570-Heres_the_next_threatening_spam.html

Blue Frog Servers Coming back on-line... Frogs Operational.

2006-05-06T15:11:00.000-04:00

From Moran Nir:

Thanks you all for your hard work, unremitting devotion and dedication.

We are one big and strong community!

I am happy to announce that we are back on the track!

The http://bluesecurity.com, http://members.bluesecurity.com (servers) and the frogs are now back up and active.

http://community.bluesecurity.com will be coming up soon too.

Thank you again,

Moran Nir

Community Manager
BlueSecurity.com

(Minor editing.)

BlueFrog Back On-Line...

2006-05-05T16:35:00.000-04:00

From Mystified:

"Please watch this section for updates regarding the Blue Security sites and other services.

This just in from Moran 5-5-2006 Corporate site is up!

Frogs are connected!

Members site is still being worked on as is the community.

Spam reporting: We are currently asking all users to hold off reporting until further notice. Let's give the hard working Blue staff a break for the moment. "

We would like to say:

Thank you Blue Security for the hard work.

Thank you Myst, for the good news and the speedy updates.

Follow this thread here:

http://castlecops.com/t154441-Blue_Security_Updates.html

News Outlet Shifts Blame to Victim...

2006-05-05T00:23:00.000-04:00

According to this article:

Blue Security shifted attack, brought down blogs - Security - www.itnews.com.au

... Eran Reshef of Blue Security is to blame for taking down at least one major internet company who was unprepared to deal with a DDoS(Disttributed Denial of Service) attack.

In my opinion it is never the best practice to shift blame to the victimized party.

Here is the general point I would like to make:

I would like you to put yourself in the shoes of someone in high-school, who is being chased by a knife wielding bully intent on his demise.

What do you do? If it were me, I would run to the nearest, largest and most capable looking individual and hope they were better equipped to deal with the bully than I was.

If the big, bad, tough looking dude you picked to help you, screams like a little girl and runs around in a circle till he faints... is it your fault?

I didn't think so.

I cannot speak for the Blue Security team, but I know that if I were in their shoes, I would have expected major internet sevices, like those mentioned in the article, to be fully equipped to deal with a situation like this.

If you have a website hosted with one company, and they cannot handle the traffic you provide, you move to a "better" hosting company. If that hosting company wilts under the load, how is that your fault?

Same situation here: It was assumed that major companies that have to protect the interests of their clients will use a company like www.prolexic.com, or at the very least a hardware IPS system, to ensure that their customers are protected from criminals like the one(s) that have attacked the Blue Community.

It immediately became clear that someone along the chain hadn't invested in the technology to mitigate and/or prevent a criminal assault on their systems, leaving the Blue Security team to find another solution.

If you were troubled because of these failures, don't blame the victim... Blame the people who didn't invest in the infrastructure required to withstand the attack of a criminal.

If someone burned down your apartment building, would you blame the newest people to have moved into the building? Of course not! This is the same situation.

You and I will make the difference in this conflict, nobody else. How, you ask?

Simple:

If you see a crime in progress, and it directly affects you, who's fault is it if nobody does anything about it? Your fault, of course.

There is a criminal patronizing every e-mail box that gets spam... and he has stated that "If I can't spam, there will not be an internet." What are you going to do about it?

If it were someone setting fire to your house, you would do something about it... what is the difference?

When BlueFrog is back in operation, go there and become a member. Do your part to reclaim the internet from the scum like this.

You, me, and millions of other people can put an end to the power this person and others like him currently enjoy. It seems to me like it would be a sin not to use the tools we have, to right this incredible wrong.

Thank you for your help.

SuperSpammer Admits Coming Defeat of Spammers Everywhere...

2006-05-04T20:36:00.000-04:00

Check this out:

The SuperSpammer that has terrorized the web for days now, not to mention e-mail inboxes everywhere for years now, admitted his pending defeat today by way of an ICQ contact with Blue Security, Home of the Blue Frog.

An excerpt from the transcript follows:

"Blue found the right solution to stop spam, and I can't let this continue."

... Which reportedly was followed closely by another statement in which PharmaMaster told Blue Security that "If I can't send spam, there will be no Internet."

Obviously, the entire internet is not going away on this person's say-so, which leaves us with one possible conclusion: He is doomed, and so are the lower ranking spammers.

If you look at it like that, he is already admitting that he has done his worst. His worst didn't quite cut it, so all he has done is made the entire internet a fan of the one company that is in danger of putting him away... BRILLIANT!

Read about it here:

http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20060504006094&newsLang=en

... Comment about it here:

Blue Frog Fan-Club thread about this story.

A spammer-proof meeting place for BlueFrog lovers?

2006-05-04T20:08:00.000-04:00

Hello everyone,

We have finally found the solution to every discussion forum we set up being smashed to heck by this jerk:

Let us see the spamming fiend take Google.com off-line. Never happen. :-)

Get on over to the forum of the Original BlueFrog FanClub:

http://groups.google.com/group/bluefrog

... the group is moderated, and all the original moderators from Blue Security are welcome to become mods over here as well.

"Spread the word, far and wide,

that Google-Groups have Frogs inside. "

... I know, I know, I couldn't help it. See you over there. :-)

The BlueFrog War Begins...

2006-05-04T15:02:00.000-04:00

On April 29th, 2006 at roughly noon o'clock -5 GMT, a group of spammers began an assault that I believe with all my heart will make their lives a living hell.

The attack became noticeable as the forums at community.bluesecurity.com became slower and slower.

Gradually, some of the people using BlueFrog to reclaim their in-boxes began receiving letters...

... letters threatening them with increased spam and legal difficulties, unless they immediately removed themselves from the DO NOT INTRUDE REGISTRY which Blue Security maintains.

Much discussion ensued as the forum at blue security ground ever closer to it's eventual halt.

Through all of this conversation, which included some very good technical reporting, we learned that there is a hard-core criminal element type of spammer which is determined to destroy any opposition to their will.

Unfortunately, the hosting company that Blue Security uses, is in no way up to the challenge which leaves us without a central gathering place.

This will grow into that place eventually.

Soon there will be forums and more on this domain, so gather-round and let us show the worst of the worst that cannot be discouraged so easily.