Anti-spam nonprofit Spamhaus has recovered from a denial of service attack over the weekend, but the cyber whodunit was not linked to WikiLeaks supporters as initially believed, according to The Register.
Speculation was that Spamhaus may have been attacked in response to its warning that a WikiLeaks mirror called WikiLeaks.info was being hosted by a Russian bullet-proof hosting outfit Webalta, which also housed phishing, carding and malware sites. Spamhaus advised users to use a safer mirror, WikilLeaks.ch, instead.
WikiLeaks.info, a site only loosely affiliated with the main WikiLeaks site, argued there was no malware on its sites and speculated the nonprofit might have experienced some political pressure.
Spamhaus began receiving email threats from individuals who associated themselves with Anonymous, so when a DoS attack began Saturday, the assumption was that the site was attacked by hacktivists, The Register said.
However, further analysis of the attack traffic determined the attack did not originate from LOIC or another *OIC tool, but instead consisted of UDP and Syn flood packets, Spamhaus said.
“In addition, in some semi-private forums AnonOps members have denied responsibility for the DDoS,” Spamhaus said in a statement on its website. “They have stated how much they hate spam and would not attack Spamhaus. It would seem some actually read and understood what our warning message was about. Rumors are that they have also distanced themselves from members who were promoting the use of botnets to attack sites.”
Spamhaus identified the possible culprit as the Heihachi group, who might have retaliated after getting exposed as what the anti-spam firm called “an outfit run by criminals for criminals.”