(Photo: Metanoodle)

Notice that your Internet's been a little slow lately? A cyber fight between an anti-spam group and a Dutch Internet company has spiraled so far out of control that it's threatening the infrastructure of the Internet and clogging connectivity for everyday web users, including those--gasp--trying to access Netflix.

The New York Times reports that when the international spam tracking group Spamhaus added hosting company CyberBunker to its blacklist for allegedly disseminating tons of spam, CyberBunker retaliated by launching the largest DDoS attack in the history of the web (that the public knows about, that is). The scale of the attack is so massive that it's "causing widespread congestion and jamming crucial infrastructure around the world." So that's why that episode of Arrested Development wouldn't load.

CyberBunker is a Dutch hosting company that operates out of a former NATO bunker, and hosts any website "except child porn and anything related to terrorism," including BitTorrent site The Pirate Bay. Spamhaus claims that CyberBunker also allows massive spam networks to operate; this accusation set off the cyberattacks, which the Times warns could escalate to the point where people are unable to use normal web services like email and online banking.

When Spamhaus contacted security firm Cloudflare for help, they too became the target of attacks by the massive botnets reportedly controlled by CyberBunker. Writes The Times:

“These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of Cloudflare. “It’s so easy to cause so much damage.”

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second.

“It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.”

An Internet activist speaking on behalf of CyberBunker said the attacks are due to Spamhaus abusing their power, using spam as a cover to take down websites they simply don't agree with. "Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," he told The Times. "They worked themselves into that position by pretending to fight spam."

To be fair, if you're trying to prove you don't support big spam operations, it's probably not the best idea to spam the entire Internet using your powerful botnet army.

Detail of image from SophosLabs

SophosLabs reports that malware attacks tend to surge near major elections and the most recent is calculated to pull in anxious voters on either side of the political spectrum; a malicious email purporting to come from CNN declaring "CNN Breaking News--Mitt Romney Almost President."

In a post on their NakedSecurity blog, Sophos explains why no one should click a link from an email like this:

The links all follow the standard Blackhole exploit kit formula. The link in the email takes you to a page that directs you to some nasty JavaScript found on other sites controlled by the attackers.

Even if a user who follows those links is on a protected computer, Sophos reports that the hack then takes another step by trying to send users to a page that appears to be an innocent Adobe Flash update, but in reality tries to infect the victim's computer with the same exploit.

Blackhole exploits are nasty. A few weeks ago Ars Technica explained how most Blackhole exploits work:

BlackHole is a widely-used, web-based software package which includes a collection of tools to take advantage of security holes in web browsers to download viruses, botnet trojans, and other forms of nastiness to the computers of unsuspecting victims. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server.

Blackholes can essentially transform our friendly laptops into remotely-controlled members of a kind of zombie horde. Botnets can be used for all kinds of ugliness, including denial of service (DDoS) attacks.

SophosLabs expects similar shenanigans to continue until the election is over and possibly for months afterward.

Avoiding the malicious Mitt Romney email is easy--don't click links from emails at all, go directly to the website that appeared to send the message. Recipients receiving this particular message should also wonder if it even makes sense--no major news outlet, certainly not CNN, would even bother with headlining a story that a candidate is "almost president" and calling it "breaking news."

As is often the case with malicious emails or direct messages, common sense is the best defense.

He doesn't feel so good. (Wikimedia Commons)

Turns out, cybercriminals can bring home some decent money, after all--at least until someone catches on and shuts down their latest revenue stream. After some reverse-engineering, the sleuths at Symantec have puzzled out the motivation behind the Mac Flashback botnet: Stealing Google's ad revenue. Because, as a clever man once said, that's where the money is.

Translating the highly technical Symantec post, PC Magazine explains:

Here's how it works: when an infected user conducts a Google search, Google will return its normal search results. Flashback waits for someone to click on an ad, and once this happens the user is silently directed to another, irrelievant ad that generates revenue for the attackers.

Symantec concludes, "This ultimately results in lost revenue for Google and untold sums of money for the Flashback gang." How much money? At the height of the infection, ballpark $10,000. Per day.

Though we can't imagine that's hurting the GOOG's bottom line too much.