Blue Security Shifted Attack, Brought Down Blogs


This is a wild tale of a denial-of-service attack, allegedly orchestrated by a big-time spammer against an anti-spam security company that brought down a blogging site.



The denial-of-service attack that crashed TypePad and LiveJournal this week was caused by anti-spam company Blue Security, which pinned the target on the blog in an attempt to save its own servers, analysts said Thursday. Blue Security denied that it knew the attack would crash its blog host.

Blue Security's Web site has been overwhelmed by a denial-of-service (DoS) attack for at least the last four days, said Todd Underwood, the chief of operations and security at Manchester, N.H.-based Renesys, an Internet monitoring and routing analysis firm.

"Blue Security changed its DNS record, and pointed bluesecurity.com at its blog site hosted by Six Apart's TypePad," said Underwood, "without telling anyone at Six Apart to expect millions of packets per second. That's unacceptable and unethical."

When Blue Security redirected traffic to its TypePad blog, the load overwhelmed Six Apart's servers, bringing down all its blogging services, including TypePad and LiveJournal.

Wednesday, a spokesperson for Six Apart said that the company's servers were not directly targeted, but had been victimized by an attack against a "security company" whose name she refused to disclose.

For its part, Blue Security continued Thursday to deny that any DoS attack had been launched against it this week.

"It's not a denial-of-service attack," said Eran Reshef, Blue Security's chief executive. "We weren't getting any traffic but from inside Israel. Nothing."

Reshef sees a deeper conspiracy than the one which developed earlier this week, when he reported that some users of Blue Security software were being threatened in messages from a then-unknown spammer. "It's much more complicated than a DoS. What's now happening is that one of the top spammers in the world views [us] as a threat to spam. He bribed someone at a top ISP to make changes to the Internet's backbone so we got no [data] packets."

He also claimed that the attacker, a Russian spammer now dubbed "PharmaMaster," attacked one of the largest domain name providers, took down four major ISPs, and punished one of the world's biggest download sites, all in an attempt to retaliate against Blue Security and its anti-spam software.

"He ICQed us and said 'I own the Net. Everyplace you are going to be, I'm going to follow,'" said Reshef.

Reshef acknowledged that Blue Security redirected traffic from its bluesecurity.com URL to the TypePad blog, but pleaded ignorance. "I didn't think he was so crazy as to attack them," said Reshef.

"His argument doesn't hold water," said Underwood. Reshef had to know his site was under attack, what with 1 to 3 million packets per second hitting the site from just one of the two backbones upstream from the Blue Security domain. "I find it implausible that Blue Security didn't know it was being bombarded by 4 or 5 or 6 million packets a second."

Nor does Reshef's story of backbone bribery stand up. "I went into our data and looked at the last five days of routing updates," said Underwood. "There was nothing fishy there."

"This has nothing to do with Blue Security now," countered Reshef. "PharmaMaster is just not willing to have the spam economy changed. This is about a criminal who wants to keep his spam business."

It is all about Blue Security, argued Underwood, who found no evidence of an Internet-wide campaign as Reshef alleged. But there has been fallout beyond the downed blogs.

