The SANS Internet Storm Center on Thursday received a malware sample that contained code with a not-so-endearing message for the organization.
"You better f*** off SANS.org, especially that Johannes Ullrich [his email and phone number] and Kevin Hong [his email and phone number]," the message said, according to a post today on the organization’s blog. "I really don’t have anything against you, just p*** off alright?"
Ullrich, chief research officer of the SANS Institute, told SCMagazine.com today that the tone of the message suggests the author is not a professional. He thinks the culprit behind the zombie spam is someone SANS recently reported to a DNS provider, telling the company the spammer was using its server to control botnets.
Ullrich assumed the message was meant as a retaliation – but he wasn't offended.
"I take it somewhat as confirmation that we’re right on track here [with stopping spammers]," he said.
SANS is not the only organization that has been on the receiving side of cybercrooks’ wrath lately.
DoS attacks have hit online security and privacy volunteer community site CastleCops for the last couple of weeks.
"Someone isn’t happy we’re up and running," said a blog on the site.
So far, SANS has not been impacted by DoS attacks, but the organization wouldn’t be surprised if it happens soon.
That is why handler Jason Lam today reminded readers of the site’s emergency URL:
https://iscems.dshield.org/index.txt.
Click here to email reporter Dan Kaplan.