Lycos, Spammers Trade Blows
Lycos Europe is caught in a struggle with spammers, just days after releasing a free screensaver software program that uses computer down time to swamp Web sites associated with spam campaigns.
At least one Web site targeted by Lycos's "Make love not spam" screensaver program, Moretgage.info, has changed its Web page, forwarding requests it receives to Makelovenotspam.com, a Web domain that distributes the screensaver program, according to F-Secure.
The escalating war with spammers comes amid mounting criticism of the screensaver from antispam experts and a crackdown by ISPs on the program.
Spamming the Spammers
Lycos launched the "Make Love, Not Spam" screensaver Wednesday, but was circulating a beta version of the software before that. The screensaver promises to "spam the spammers" by sending a steady stream of requests to a list of Web sites that have been used in spam campaigns, slowing those sites. The list of sites to attack is downloaded by the screensaver program from a control server operated by Lycos.
Charges quickly surfaced that Lycos was crossing the line by launching a DDOS (distributed denial of service) attack, which is illegal in the U.S. and most European countries. The antispam campaign also prompted quick retaliation from unknown parties, including a reported hack of the makelovenotspam.com Web site.
Lycos denied that its Web site was hacked and stated that makelovenotspam does not launch denial of service attacks, because the company is careful to avoid completely shutting down the sites it targets. The company did not respond to requests for comment for this story.
The Moretgage.info Web page was changed to contain an HTML Meta Refresh tag that forwards all requests to view the page to Makelovenotspam.com, effectively using the screensaver to launch attacks on Lycos's Web site, F-Secure says. Requests for moretgage.info were still being forwarded to Makelovenotspam.com Thursday morning, Eastern Standard Time.
More troubling for Lycos, some ISPs are blocking traffic to the server that controls the makelovenotspam screensavers, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.
ISPs are treating Lycos's network of machines running the makelovenotspam screensaver in the same way they treat "botnets" of compromised systems that are controlled by malicious hackers or organized online criminal groups and often used to distribute spam or launch DOS attacks, he says.
"The [makelovenotspam] application isn't really all that well thought out. In a way, it's doing a DDOS attack, and DDOS attacks are always a bad thing, because there are always innocent bystanders who get hit as well," he says.
"I would have to characterize it as an astonishingly stupid idea," says John Levine of the Internet Research Task Force's Antispam Research Group.
Legal questions aside, the "spam the spammers" approach won't work, because those behind spam campaigns can quickly take down and move Web sites referred to in spam e-mail. The makelovenotspam program also consumes bandwidth and resources from the networks and ISPs that serve machines running the software, not just from spammer networks, he says.
"This program steals bandwidth from a lot of people who had no intention of playing junior DDOS cop," Levine says.
Ullrich and others consider the "Make Love not Spam" campaign more a publicity stunt than a well-planned antispam campaign, and say that it was poorly thought out.
"This is like a lame idea that a college kid would think of, not something a serious company would do," Levine says.
Resistance from ISPs may bring a quick end to the "Make Love Not Spam" campaign, he says.
"My guess is that they won't be able to sustain this very long, once legitimate networks have figured out who is controlling [the machines running the screensaver] and start blocking access to that host," he says.