Spam and scareware are running rampant following distributed denial-of-service attacks on Twitter, Facebook and other sites that allegedly were intended to silence a pro-Georgian blogger named Cyxymu.
SophosLabs researchers said in a blog post that they've noticed a wave of spam, as well as a sharp rise in scareware, the phony security software that frightens or tricks users into downloading it onto their computers. The messages reference Cyxymu, who researchers later discovered to be the intended target of the massive DDoS attack that affected micro-blogging site Twitter, as well as Facebook, LiveJournal and other social media sites.
Numerous spam messages contained Cyxymu's name and links to his blog, while the body of the spam message appears to be a letter from Cyxymu apologizing for Thursday's DDoS attacks.
The DDoS attack knocked Twitter off-line for several hours, leaving its 45 million users without service, while Facebook, LiveJournal and several other social media sites suffered a significant slowdown and longer load times.
Since then, researchers discovered that the massive DDoS attack was targeted at Cyxymu, who told The Guardian his real name was Georgy, a 34-year-old economics lecturer from Tbilisi, the Georgian capital. Attack packets were found to request pages hosted by Cyxymu, who had recently blogged about the one-year anniversary of Russia's invasion of Georgia.
While Twitter was back up and running Thursday afternoon, the site experienced connectivity problems and a significant slowdown throughout the weekend.
Security researchers say that the spam campaigns and the scareware promoting bogus security software are most likely the work of cybercriminals exploiting the Web traffic surrounding the Twitter attacks, both to further discredit and create hardship for the pro-Georgian blogger and to solicit money from victims and distribute malware.
"My guess is that these e-mails aren't really being sent by Cyxymu, but are an attempt by troublemakers to bring his name and various Web pages into disrepute," said Graham Cluley, senior technology consultant at Sophos, in the blog post.
Researchers at McAfee also noted that the spammers spoofed Cyxymu's e-mail address as the originator of the spam, which likely flooded the blogger's inbox with copious out-of-office notifications and other automatic bounce messages. "This was likely part of an intimidation campaign designed to send a message to Cyxymu about who was the real intended target of the DDoS," said McAfee researcher Dmitri Alperovitch in a blog post.
Alperovitch noted that the spam also contained links to the blogger's sites, possibly with the goal of clogging the servers with a wave of traffic from recipients clicking through, which could result in a system crash. On analysis, the spam campaigns appeared to be distributed by the same botnet that was used for the Twitter DDoS attacks, which churned out spam from machines in Brazil, Turkey and India, Alperovitch said.
(ChannelWeb)