Lycos, spammers trade blows over screensaver

Lycos Europe NV is caught in a tit-for-tat struggle with spammers, just days after releasing a free screen saver software program that uses computer down time to swamp Web sites associated with spam campaigns.

At least one Web site targeted by Lycos's "Makelovenotspam" screen saver program, www.moretgage.info, has changed its Web page, forwarding requests it receives to http://makelovenotspam.com, a Web domain that distributes the screen saver program, according to F-Secure. The escalating war with spammers comes amid mounting criticism of the screen saver from antispam experts and a crackdown by ISPs on the program.

Lycos launched the "Make Love, Not Spam" screen saver Wednesday, but was circulating a beta version of the software before that. The screen saver promises to "spam the spammer" by sending a steady stream of requests to a list of Web sites that have been used in spam campaigns, slowing those sites. The list of sites to attack is downloaded by the screen saver program from a control server operated by Lycos.

Charges quickly surfaced that Lycos was crossing the line by launching a DDOS (distributed denial of service) attack, which is illegal in the U.S. and most European countries. The antispam campaign also prompted quick retaliation from unknown parties, including a reported hack of the makelovenotspam.com Web site.

Lycos denied that its Web site was hacked and stated that makelovenotspam does not launch denial of service attacks, because the company is careful to avoid completely shutting down the sites it targets. The company did not respond to requests for comment for this story.

The moretgage.info Web page was changed to contain an HTML (Hypertext Markup Language) Meta Refresh tag that forwards all requests to view the page to http://www.makelovenotspam.com, effectively using the screen saver to launch attacks on Lycos's Web site, F-Secure said. Requests for moretgage.info were still being forwarded to makelovenotspam.com Thursday morning, Eastern Standard Time.

More troubling for Lycos, some ISPs are blocking traffic to the server that controls the makelovenotspam screen savers, according to Johannes Ullrich, chief technology officer at The SANS Institute's Internet Storm Center.

ISPs are treating Lycos's network of machines running the makelovenotspam screen saver in the same way they treat "botnets" of compromised systems that are controlled by malicious hackers or organized online criminal groups and often used to distribute spam or launch DOS attacks, he said.

"The (makelovenotspam) application isn't really all that well thought out. In a way, it's doing a DDOS attack, and DDOS attacks are always a bad thing, because there are always innocent bystanders who get hit as well," he said.

"I would have to characterize it as an astonishingly stupid idea," said John Levine of the Internet Research Task Force's Antispam Research Group.

Legal questions aside, the "spam the spammers" approach won't work, because those behind spam campaigns can quickly take down and move Web sites referred to in spam e-mail. The makelovenotspam program also consumes bandwidth and resources from the networks and ISPs that serve machines running the software, not just from spammer networks, he said.

"This program steals bandwidth from a lot of people who had no intention of playing junior DDOS cop," Levine said.

Ullrich and others consider the "Make Love not Spam" campaign more a publicity stunt than a well-planned antispam campaign, and say that it was poorly thought out.

"This is like a lame idea that a college kid would think of, not something a serious company would do," Levine said.

Resistance from ISPs may bring a quick end to the "Make Love Not Spam" campaign, he said.

"My guess is that they won't be able to sustain this very long, once legitimate networks have figured out who is controlling (the machines running the screen saver) and start blocking access to that host," he said.
