Storm Worm

I just came across an article at SecureWorks about the Storm Worm virus. According to SecureWorks, this was the virus that compromised machines that were used in a DDoS attack on spamnation.info, and the IP address for spamnation.info was even hardcoded into the configuration file for the DDoS component downloaded to the infected PCs.

The article makes interesting reading. It seems that some of the other targets for the attack — apart from other anti-spam sites focusing on stock spam — included distribution and control sites for another spam virus, Warezov. SecureWorks speculates that Warezov is operated by a rival spam gang, and that the Storm Worm creators were trying not just to silence their critics but to hinder a competitor as well. The Warezov gang responded in true spammer form by changing DNS entries for their sites to dump the attack onto spamhaus.org.

It shouldn't come as any surprise to learn that the spammers are fighting amongst themselves. The fiercest competitors of any organism are other members of its own species, which compete for the same food and resources that it needs to survive and breed. The problem is particularly acute in the case of stock spam — if you're about to send out a spam pushing stock X, the last thing you want is for your rivals to distract your potential marks by bombarding them with mail advertising stock Y at the same time.

There's nothing new about internecine warfare between criminal gangs, on or off the Internet. There are periodic joe-job wars, particularly between rival groups of carders, visible only by virtue of the fact that the mails they send out end up in our mailboxes. Other forms of warfare, such as DDoS attacks or virus competition (viruses that carry their own anti-viral software to eliminate rival viruses: the real-world analogue here is probably sperm competition), may often pass unnoticed except by security experts and the targets of the attack.

The problem with escalating wars between spam gangs is that they tend to involve bystanders, whether they are the people whose PCs are conscripted as foot soldiers for the battle or targets of opportunity like Spamhaus. In the initial attack on spamnation.info, other sites on the same and neighboring servers were also caught in the crossfire.

Unfortunately, it's hard to see this as a diminishing trend, particularly if more effective spam-filtering causes spammers to shift their efforts to lower-volume, more carefully-crafted spam. Just as the Devil reportedly finds work for idle hands, spammers will soon put unused botnet capacity to work launching attacks on their rivals and anyone else who gets in their way. Or even, just for the hell of it, on the root servers.

As [they] reached for him, a last ironic thought drifted through Hendricks' mind. He felt a little better, thinking about it. The bomb. Made by the Second Variety to destroy the other varieties. Made for that end alone. They were already beginning to design weapons to use against each other. ["Second Variety", Philip K. Dick]
