Lycos anti-spam campaign backfires

Lycos Europe seems to have shot itself in the foot with the release of a free screen-saver that uses computer down time to turn the tables on web sites associated with spam campaigns.

At least one site targeted by Lycos's "Make love not spam" screen saver has changed its web page so that it automatically forwards requests it receives back to the domain that distributes the screen saver, according to F-Secure.

The escalating war with spammers comes amid mounting criticism of the screen-saver from anti-spam experts and an ISP crackdown on the program.

Lycos launched the screen-saver on Wednesday, but was circulating a beta version of the software before that.

The program promises to "spam the spammer" by sending a steady stream of requests to a list of websites that have been used in spam campaigns, slowing those sites.

The list of sites to attack is downloaded by the screen-saver program from a control server operated by Lycos.

Charges quickly surfaced that Lycos was crossing the line by launching a distributed denial of service attack, which is illegal in the US and most European countries.

The anti-spam campaign also prompted quick retaliation from unknown parties, including a reported hack of the website.

Lycos denied that its site was hacked and stated that makelovenotspam does not launch denial of service attacks, because the company is careful to avoid completely shutting down the sites it targets. 

But one of its targets, the web page, has been changed to contain an HTML meta refresh tag that forwards all requests to view the page back to, effectively using the screen-saver to launch attacks on Lycos's website, F-Secure said.

More troubling for Lycos, some ISPs are blocking traffic to the server that controls the makelovenotspam screen savers, according to Johannes Ullrich, chief technology officer at The Sans Institute's Internet Storm Center.

ISPs are treating Lycos's network of machines running the makelovenotspam screen saver in the same way they treat "botnets" of compromised systems that are controlled by malicious hackers or organised criminal groups and often used to distribute spam or launch DOS attacks, he said. 

"The makelovenotspam application is not really all that well thought-out. In a way, it's doing a DDOS attack, and DDOS attacks are always a bad thing, because there are always innocent bystanders who get hit as well," he said.

"I would have to characterise it as an astonishingly stupid idea," said John Levine of the Internet Research Task Force's Anti-spam Research Group.

Legal questions aside, the "spam the spammers" approach will not work because those behind spam campaigns can quickly take down and move websites referred to in spam e-mails.

The makelovenotspam program also consumes bandwidth and resources from the networks and ISPs that serve machines running the software, not just from spammer networks, he said.

"This program steals bandwidth from a lot of people who had no intention of playing junior DDOS cop," Levine said.

Ullrich and others consider the campaign a publicity stunt rather than a well-planned antispam campaign, and say that it was poorly thought out.

Resistance from ISPs may bring a quick end to the campaign, Levine said.

Paul Roberts writes for IDG News Service