Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam The Internet

Lycos Pulls Vigilante Anti-spam Campaign 328

Posted by CowboyNeal from the hardly-knew-ye dept.
davidwr writes "Eweek reports that Lycos is scrapping it's anti-spam campaign: 'On Friday, Lycos Europe gave up the ghost, posting a 'Stay Tuned' note on the MakeLoveNotSpam.com Web site it was using to distribute the screensaver. The Lycos Europe home page, which heavily promoted the screensaver all week, was also scrubbed clean of any references to the screensaver.' See previous Slashdot coverage from Nov. 26, Dec. 1, and Dec. 2."
This discussion has been archived. No new comments can be posted.

Lycos Pulls Vigilante Anti-spam Campaign More

Lycos Pulls Vigilante Anti-spam Campaign

Comments Filter:

  • inevitable (Score:4, Insightful)

    by marvy666 ( 215740 ) on Saturday December 04, 2004 @10:33AM (#10995979) Journal
    fighting fire with fire doesn't always work

    • It may not work, exactly (Score:5, Insightful)

      by mcc ( 14761 ) <amcclure@purdue.edu> on Saturday December 04, 2004 @10:47AM (#10996035) Homepage
      But who's to say it isn't still beneficial? Lycos probably caused some problems for spammers with this, or made them feel less secure, in the week this stunt was running. More importantly, look at all the publicity Lycos got out of this; if it wasn't for this spam thing I probably wouldn't have even thought about Lycos's existence once in the second half of this year, and probably you or most of the other people here wouldn't have either. Instead, thanks to makelovenotspam, they've been rescued for at least a moment from obscurity and irrelivance and they've been all over the headlines for a week. Meanwhile, by getting out now Lycos possibly avoids the otherwise-almost-certain legal problems from all of this.

      Was makelovenotspam, in its short life, effective? Almost certainly not. Was makelovenotspam a public good? I'd bet not. Was makelovenotspam good for Lycos? ... well probably.

      • Re:It may not work, exactly (Score:5, Insightful)

        by borud ( 127730 ) on Saturday December 04, 2004 @12:07PM (#10996368) Homepage
        But who's to say it isn't still beneficial? Lycos probably caused some problems for spammers

        Lycos probably caused less distress among spammers than any form of legal action would have caused -- regardless of the outcome of any legal action.

        As for Lycos and publicity: well, now we know that the management have questionable ethics to allow themselves to sink below the level of many spammers (most spammers do not instigate DDoS-attacks on their opponents although some do). I would think twice before getting entangled in any sort of business relationship with someone who is prone to operate outside the law so easily.

        The lasting effect of this is that a line has been crossed. Lycos is the first legitimate business, with at least some brand-recognition, that has shown willingness to engage in activities that are exclusively associated with criminal elements on the net. The question now is whether others will follow or if Lycos represents the low point of the business.

        I made some remarks about this in a blog entry on how Lycos is now contributing to the spam weapons race [borud.no] and how this might set some bad precedents.

      • Week? I've been running this for a month atleast.

        Please, it was SPRAY that created this software.

    • Re:inevitable (Score:2, Insightful)

      by ssimontis ( 739660 )
      Did it even have to work? Lycos probably did it for some publicity. Did they get publicity? Yes. Was it good publicity? Not really. Did it still do what they wanted it to do? Yes.
    • fighting fire with fire doesn't always work

      No, but it does work most of the time.

    • Re:inevitable (Score:4, Interesting)

      by gnuman99 ( 746007 ) on Saturday December 04, 2004 @01:40PM (#10996723)
      fighting fire with fire doesn't always work

      Yes it does. That's virtually the only way to take out wild fires. You burn away the fuel, and the fire dies.

      Trying to put out a wild fire with water is like using your piss to fight your house fire. Not very effective.

      The analogy works. Spammers will cease to exist if they cannot be profitable. If ISPs take down spam sites *fast*, then no problem. But if they don't give a damn, then they should be DDoS'd. Either they remove the cancer, or we remove it for them as it affects all of us.

    • fighting fire with fire doesn't always work

      Actually Lycos is BRILLIANT. Just a year ago I would have agreed with you but careless Internet computing (primarily unsecured(able) Windows machines) and commercial spamers are ruining the experience for all.

      Maybe it is time to fight back. I have no problem in running a program where if I click on a spam button, the senders IP gets 1-5% of my bandwidth for a day. This would raise their costs and throttle their output. Perhaps the upstream ISP would take

  • Good, it was stupid (Score:5, Insightful)

    by Anonymous Coward on Saturday December 04, 2004 @10:34AM (#10995980)
    I can't believe the execs at Lycos even had the balls to O.K it as a plan, let alone develop and support it. Corporate sponsored DDoS attacks? What would have been next; MPAA sponsored screen savers that attacked BitTorrant link sites? SCO sponsored screen-savers that attacked kernel.org and Slashdot?
    • Interestingly, BitTorrent sites, such as Suprnova and LokiTorrent, were hit with massive DDoS attacks this week, just after Lycos started their ScreenDoSer effort.

      For more: BitTorrent takes a hit from DDoS attacks [techspot.com]

      It wouldn't be a surprise if the spammers re-directed their sites to the trackers, as both Suprnova and Lokitorrent had torrents for the screensaver. At the current time, it is still unknown who was behind it.
      • At the current time, it is still unknown who was behind it.


        Could it be that the spammers somehow share the same host? Maybe SuperNova has a side business...

      • It wouldn't be a surprise if the spammers re-directed their sites to the trackers, as both Suprnova and Lokitorrent had torrents for the screensaver. At the current time, it is still unknown who was behind it.
        That's it!!!
        1. RIAA spams.
        2. RIAA gets under LYCOS radar's.
        3. RIAA added in LYCOS's antispam DDOS list.
        4. RIAA points it's DNSs to song-swapping sites.
        5. ????
        6. PROFIT!!!
    • I can't believe the execs at Lycos even had the balls to O.K it as a plan
      I find it very sad that they don't have the balls to go through with it.
      Finally someone stands up and fights a worthy cause only to stop after one week.
      I have but one word for this behavior: cowardism
      Will someone please pick up the towel out of the ring??
      • the word is actually cowardice.
        just so you know.

      • Re:Good, it was stupid (Score:5, Insightful)

        by secolactico ( 519805 ) * on Saturday December 04, 2004 @10:56AM (#10996068) Journal
        I have but one word for this behavior: cowardism

        The execs at Lycos are accountable to board members and shareholders. The legal grounds for this kind of operation are shaky at best (I don't think there are any precedents).

        Exposing the company to legal action (from the spammers, ISPs, etc) would not be in the best interest of the shareholders.

        I think that whoever ok'd this plan was not the one who cancelled. Maybe he/she was simply overriden by higher-ups. Heck, for all we know, that exec might be looking for work right now.

        Do you really think it was a good idea? If enough people think so, somebody will come up with a copy of it... maybe as an extension of SPEWS or somesuch service.

        Myself, I think the intentions are noble but the execution flawed. Is there any accountability for this? You would no longer be just excerising your right not to be bothered by using RBL. You will be actively striking back at somebody, and innocent bystanders that get targeted will incur in damages that go beyond not being able to send e-mail.
      • Finally someone stands up and fights a worthy cause only to stop after one week.

        ... uuh, finally [spews.org]?

        I have but one word for this behavior: cowardism

        How about three words.. cease and desist? If they didn't have one against them already, you had to bet someone would be sending one soon. And frankly I'm suprised such an idea made it past their legal dept (if it even went before legal). I appreciate and welcome their desire to get in this fight.. but the plan of attack was a rather bad one, imho. When

        • Worked. Got "lycos" on the tips of everyone's tongue. Got people to talk about spam. Got Lycos's brand in the news again. Now I'm suddenly seeing Lycos's logo everwhere where I never noticed it before, like at Wired News. No, its not new, I just never "saw" it.

          This is a win-win. They exploited the anti-spam fervor and got attention which might translate into profits, loans, etc.

    • Re:Good, it was stupid (Score:5, Funny)

      by u-238 ( 515248 ) on Saturday December 04, 2004 @11:07AM (#10996105) Homepage
      What would have been next; MPAA sponsored screen savers that attacked BitTorrant link sites?

      I can see it coming; Earn credit towards BlockBuster video rentals, every 5,000,000 packets earns you $0.50 towards your next rental.
      • every 5,000,000 packets earns you $0.50 towards your next rental.

        Make that towards your next legal rental. I don't think the MPAA can release anything that doesn't overuse the word "legal" in it.

      • Blockbuster doesn't help the MPAA. Other than possibly falling through the loophole of only renting it to one person at a time, they don't give any more sales to the MPAA than illegal downloading. Most good-quality illegal downloads come from a once-purchased copy of the movie; Blockbuster rents once-purchased copies of the movies and makes $5 per rental.

        If I remember correctly, the Halo 2 disc had something about no public rental. I was still able to rent Halo 2. I'm not sure that Blockbuster's renting is

    • MPAA already heading that way... (Score:4, Interesting)

      by John3 ( 85454 ) <john3NO@SPAMcornells.com> on Saturday December 04, 2004 @11:20AM (#10996164) Homepage Journal
      based on their early dabbling [p2pnet.net] in anti-P2P efforts [newsfactor.com]. Right now they are just searching out offenders but Lyco's move to bring down spammer sites might encourage the MPAA and RIAA to take more agressive steps.

      While Lycos was on unsteady legal footing in terms of their targets (i.e. it's often tough to connect a web site to the spam sender) the MPAA and RIAA can easily prove that a particular user or BitTorrent link site is sharing/hosting/providing copyrighted material. It may be just a matter of time before earlier efforts to legalize RIAA and MPAA DDOS attacks [com.com] are resurrected.

      • Probably you're right. The only saving grace here is that there are a lot of very, very sharp people around the world (many living in countries that are "freer" from a copyright perspective than the United States ... China, say) that will continue to evolve file sharing technology. In spite of the much-publicized lawsuits and Orrin Hatch's ridiculous public commentary, the entertainment industry has been on the defensive since the original Napster went online. Hell, they've been on the defensive since th
    • Yeah, this whole thing has a very strange vibe to it. I have a feeling that upper management didn't really understand what they were getting into.

      They could always open source the thing and let it take on a life of it's own. If it's a good idea, it will live. If not, it will die.

    • 1) It was not a DDoS.
      2) Sure, why not? You're free todo what you want with your bandwidth? Right? If i want to load some spammers website a couple of hundred times, why not?
      If you want to DDoS slashdot? Sure go ahead, you're probably one of those 1% Cmdr. Taco is talking about anyway reloading mainpage every other second.

    • >Corporate sponsored DDoS attacks?

      Limited legal liability comes in very handy after all those potential lawsuits. Whatever damage (real, hypothetical, etc) would be protected by the corporate shield, thus protecting the owners.

      The companies that hire spammers are corps or s-corps, or LLCs too for the same reason.

  • no fair... (Score:5, Funny)

    by buro9 ( 633210 ) <david&buro9,com> on Saturday December 04, 2004 @10:35AM (#10995984) Homepage
    ... i always wanted to be part of a botnet
  • Now if only spammer would follow the suit!

    errr.. ::day dreaming::

  • well summed up: (Score:3, Insightful)

    by gl4ss ( 559668 ) on Saturday December 04, 2004 @10:37AM (#10995991) Homepage Journal
    **"I find the anti-spam downloadable DDoS tool to be without a doubt irresponsible, possibly illegal, sets a really bad precedent, gives the wrong impression to users, and possibly the dumbest thing I have heard of this week," said Adrien de Beaupre, an incident handler with the SANS Internet Storm Center (ISC).**

    besides than that.. anyone care to pull ye olde form and tick the right places for this particular 'solution for spam'?

    • Fine, you twisted my arm. (Score:5, Funny)

      by IO ERROR ( 128968 ) <error@ioe[ ]r.us ['rro' in gap]> on Saturday December 04, 2004 @10:49AM (#10996039) Homepage Journal
      Your post advocates a

      ( ) technical ( ) legislative ( ) market-based (x) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      (x) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      (x) Requires cooperation from too many of your friends and is counterintuitive
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      (x) Anyone could anonymously destroy anyone else's career or business
      ( ) Ideas similar to yours are easy to come up with, yet none have ever worked
      ( ) Other:

      Specifically, your plan fails to account for

      (x) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      (x) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      (x) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      (x) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      (x) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      (x) Extreme profitability of spam
      ( ) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      (x) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook
      ( ) Other:

      and the following philosophical objections may also apply:

      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures cannot involve wire fraud or credit card fraud
      (x) Countermeasures cannot involve sabotage of public networks
      ( ) Sending email should be free
      (x) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      (x) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      (x) Killing them that way is not slow and painful enough
      ( ) Other:

      Furthermore, this is what I think about you:

      ( ) Nice try, dude, but I don't think it will work.
      (x) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
    • Man: The Most Dangerous Game.

  • How long until someone makes a clone of this? (Score:5, Interesting)

    by Anonymous Coward on Saturday December 04, 2004 @10:37AM (#10995992)
    Really it's not that complex of a product to make and given that it seems to have been somewhat successful at accomplishing it's goal (or in fact too successful by actually DOSing the spammers) I don't see it as that unlikely that someone will go and create a new screensaver that is even more destructive.

    Clearly there is at least some interest in fighting spam with DDOS even though it's not the best solution.

  • Personally a bit of a shame (Score:4, Interesting)

    by Nexum ( 516661 ) on Saturday December 04, 2004 @10:38AM (#10996000)
    Personally I think this is a bit of a shame. I know a lot of people here weren't too keen on the aggressive style and dubious legal grounds of this scheme, but to tell the truth, if there was a possibility it would eradicate or at least slow spam down, then I'd have to say I'm all for it.

    Perhaps the problem here is that with Lycos being the single point of failure, as well as being a customer facing organisation, its position was just untenable.

    There has certainly been lots of talk about building in such a system to mail clients, and perhaps having a distributed spam-attack system that way - perhaps this will be legally more tenable (they actually emailed you personally) as well as more resilient to pressure.

    • Re:Personally a bit of a shame (Score:4, Interesting)

      by gl4ss ( 559668 ) on Saturday December 04, 2004 @10:41AM (#10996010) Homepage Journal
      *Personally I think this is a bit of a shame. I know a lot of people here weren't too keen on the aggressive style and dubious legal grounds of this scheme, but to tell the truth, if there was a possibility it would eradicate or at least slow spam down, then I'd have to say I'm all for it. *

      look, when the system was so stupidly built that the spammers could just add a refresh tag to forward the flood to wherever they wanted, it had no chance of really slowing the spam down at all.

      kneejerk reaction tactics, with bad execution, that was only supposed to make lycos look like it was doing something for the problem in the eyes of normal folk who don't understand enough to see that it was a fucking stupid idea to do in the first place(especially stupid wheny you were a big company and actually could end up accountable for all the fucking around you do).

      • look, when the system was so stupidly built that the spammers could just add a refresh tag to forward the flood to wherever they wanted, it had no chance of really slowing the spam down at all.

        By all accounts, it wasn't. There would have been little reason for Lycos to write a full-blown HTTP interpreter, when all they wanted was something to repeatedly fetch pages.

        • *By all accounts, it wasn't. There would have been little reason for Lycos to write a full-blown HTTP interpreter, when all they wanted was something to repeatedly fetch pages.*

          rtfa? apparently they did.

          **Evidence of a shooting war in cyberspace was uncovered by anti-virus vendor F-Secure. The company reported that one of the spam sites under attack by the Lycos screensaver simply added a Meta Refresh tag that redirected all incoming traffic back to Lycos.**

          • rtfa? apparently they did.

            **Evidence of a shooting war in cyberspace was uncovered by anti-virus vendor F-Secure. The company reported that one of the spam sites under attack by the Lycos screensaver simply added a Meta Refresh tag that redirected all incoming traffic back to Lycos.**

            Does the article say anything about the screensavers ability to execute said meta refresh? No. The article is obviously written by a journalist that knows little about http. A meta refresh can't possibly "redirect all incom
          • maybe they just used internet explorer components to load the pages, which would have been doubleplus bad, as a spammer could inject viral code by finding a single exploit.

          • Re:Personally a bit of a shame (Score:4, Informative)

            by nchip ( 28683 ) on Saturday December 04, 2004 @12:58PM (#10996561) Homepage
            You are drawing conclusions. f-secure didn't say that the meta tag was FOLLOWED by lycos client, merely that spammers added a meta refresh tag. In fact, it was debunked it on their weblog [f-secure.com]:

            Update on 4th of December, 2004: Lycos has confirmed to us that their screensaver does not follow Meta Refresh tags, so this attempt by spammers will fail. --Mikko

        • There would have been little reason for Lycos to write a full-blown HTTP interpreter, when all they wanted was something to repeatedly fetch pages.

          There would have been little reason for Lycos to write any HTTP interpreter, when all they needed to do was use someone else's code or a Windows API component.

  • Existing installations? (Score:5, Interesting)

    by slavemowgli ( 585321 ) on Saturday December 04, 2004 @10:46AM (#10996028) Homepage
    What about existing users of the screensaver? Will it continue to work (i.e., flood spam sites)?

  • Campaign failed but... (Score:3, Insightful)

    by cyberise ( 621539 ) on Saturday December 04, 2004 @10:50AM (#10996045)
    Lycos did win a minor victory in getting it's company name in the news again. Before this I'm sure most people forgot this company existed. Even bad publicity can be good "sometimes".
    • I wouldn't doubt that that was all they were looking to get out of it. The site, makelovenotspam.com was hosted and created by a marketing company. Now why would an internet company with an entire staff of HTML, graphics, ... gurus and certainly their own server farm outsource to a marketing company? I submit that they needed some publicity and their marketing company came up with a creative way to get some.

  • Well crap, now we need a replacement. (Score:4, Funny)

    by Anonymous Coward on Saturday December 04, 2004 @10:50AM (#10996046)
    I propose Slashdot's editors agree to "accidentally" incorrectly rewrite one submitted link per week to point to the site of a major spammer. It will have exactly the same effect as the Lycos DDOS screensaver, fulfilling its necessary service now that Lycos has backed out, but lack the legal risks and require no new technological infrastructure.
  • ... anybody got it mirrored? :D

  • How about an email program that does this (Score:5, Interesting)

    by G4from128k ( 686170 ) on Saturday December 04, 2004 @10:55AM (#10996066)
    Why not build this feature into an email client (e.g. Thunderbird). When you get a spam, you put it in a special folder and the client repeatedly accesses the site (a la the Lycos screensaver). That way nobody can be cited for orchestrating a DDoS or unfairly blacklisting. Each recipient can make their own spammer determination.

    Whether the client uses the exact URL in the email (which often has identification codes for the recipient of the spam or the affiliate who sent it) is a matter of debate. On the one hand, I don't want to identify myself to any spammer or show that my email is live.

    On the other hand, I would want the spam site to know that using my email address will only bring it grief. As a side bonus, it might even bankrupt the site when it has to pay its spammer affiliates for all the automated clickthroughs. If a greater percentage of people clickthrough via automated means (but don't buy), it harms both the spam-marketed site (in bandwidth and affiliate charges) and it hurts the spammer when sites reduce their clickthough payment rates. I can only hope that this will cause spammer-using sites to crack down on spammers that are too aggressive.

    • Re:How about an email program that does this (Score:5, Insightful)

      by AllUsernamesAreGone ( 688381 ) on Saturday December 04, 2004 @11:20AM (#10996163)
      When you get a spam, you put it in a special folder and the client repeatedly accesses the site

      So how do you determine which is the right site programmatically?

      Go off the email address? Won't work becasue the vast majority of spam uses forged From addresses (I regularly get bounces for spams some asshat has sent with my domain in the from:)

      Write something that interprets the email headers and attacks the originating IP? Won't work thansk to the army of windows boxes running proxies to hide the real sender - you'll just end up attaching an innocent, if ignorant, DSL peon.

      Write something that grabs URLs from the email and attacks that? Won't work either.. well, it will work, it just means that now all a spammer has to do is bung the URL of a competitor or someone they don't like in there and now you're doing a DDoS for them.

      Pretty much any scheme you come up with has so many ways around it or possible abuses that it'd be more dangerous than the problem itself. Even if it isn't determined programmatically, relying on some degree of user interaction or target selection, it is likely to be open to abuse.
    • *That way nobody can be cited for orchestrating a DDoS or unfairly blacklisting.*

      you would actually want to have that.. or would you like to be easily dossed by ANYONE who just sends some spam out? it's a stupid plan. you don't want automatic ddossing without responsibility or authentication or any intelligent means to determine if a site would deserve it(to be even slightly fair youd have to use probably a hour of deciding up, checking where the site is hosted and if innocent would be hit harder than the
    • Ah, so combine it with a Mail service.

      Send a spam to G4@spammeanddie.net and the custom thunderbird software of everyone who uses spammeanddie.net floods them.

      If that were the case, do you think the spammers would start filtering spammeanddie.net addresses out of their victim lists?

      This is not an avocation of doing this or the Lycos thing, just noodling the idea about.

      Another noodle, how about a doohickey that does this but in a way that does no harm. Get a co-ordinated effort that hits the bad sites ju

  • Netcraft Reports (Score:3, Informative)

    by the_mighty_$ ( 726261 ) on Saturday December 04, 2004 @10:59AM (#10996077)
    Netcraft is reporting this too. Check out there story here [netcraft.com]. I wonder if the fact that several Internet backbones were blocking Lycos's site [netcraft.com] had anything to do with them finally deciding to pull it. My guess is simply that this was creating too much bad publicity. Everyone was talking about how Lycos was using unethical tactics to try to stop spam. Lycos probably figured it was not worth it.

  • Everyone who used the Screensaver: (Score:3, Funny)

    by oexeo ( 816786 ) on Saturday December 04, 2004 @11:07AM (#10996106)
    You do realise many spammers are from the Russian Mafia? Please don't be surprised when you find a horse's head on your pillow, and don't expect any sympathy from people who told you being a vigilante moron with the delusions of moral superiority is a Bad Thing(TM).

  • Anti spam from a spyware vendor? (Score:5, Informative)

    by Shaper of Myths ( 148485 ) on Saturday December 04, 2004 @11:09AM (#10996114)
    I stopped trusting Lycos the day I started finding this bloody thing [ca.com] on my customers computers. That they tried and failed at something so shady in the first place doesn't seem like much of a surprise to me. This was just some poorly done publicity stunt, probably dreamed up in by some PHB deep in the dungeons of their marketing department.
  • DOS'ing spammers has potential to make a serious dent in spamming revenue and actually lessen the amount of spam we see in our mailboxes. This is why spammers fought back so quickly against Lycos; they saw their bottom line being compromised. A big company like Lycos is not best organization to lead an attack against spammers because they are an easy target for spammer retaliation on the internet and have a lot to lose legally and financially.
    Instead if a lose group of spam haters worked together to devel

  • Unethical (Score:2, Insightful)

    by gone.fishing ( 213219 )
    Lycos made a major blunder with this campaign. I think it actually gave the entire computing community a black eye and am thankfull they pulled it as quickly as they did.

    It worked along the same theory that "It takes a criminal to catch a criminal" does. That sometimes, you have to get down and dirty to fight back.

    If the only people that got hurt by that kind of plan were the bad guys, I'd buy it. But it doesn't work that way. There is colatteral damage and often times the innocent victims outnumber t
    • It would take almost nothing for the spammers to use masses of zombie-bots as proxy web sites which issue redirects to the real sites. Hitting the zombies would not cost the spammers anything, and it would be trivial for the zombies to keep lists of requesters and redirect redundant requests to targets they'd like to DoS.

      The only way you could avoid this is if the zombie bots' ISP's notice huge amounts of incoming traffic and take them off-line. If this functions as a mechanism for notifying ISP's that a p

      • Re:It's worse than that (Score:2, Insightful)

        by mko ( 117690 )
        The number of zombied machines that are reliable (online 24/7, static ip, good bandwidth) is probably rather small as opposed to machines with DSL or cable.

        If those machines are dDOSed their zombie problem will get fixed in a hurry (because the ISP/owner won't want to pay for the traffic, which they will have to notice because the line is going to be completely saturated). I fail to see that as a bad thing.

    • All that traffic was sent through the internet, across innocent's routers and delayed legitimate traffic.

      Right... So every time you reload Slashdot, you are HURTING innocent routers... Awwww, poor routers.

      I've paid for my bandwidth, and indirectly support those routers. If I choose to dedicate a portion of my bandwidth to useless activities, it's entirely within my rights, both legally and morally.

      Let's prosecute every web host that doesn't use mod_gzip!!! After all, they're hurting innocent routers.

  • Open Sourced? (Score:3, Funny)

    by jarich ( 733129 ) on Saturday December 04, 2004 @11:19AM (#10996153) Homepage Journal
    If Lycos really wants to make a dent and get some free PR, they should release the source... it would ported to Linux, embedded in a virus, and live forever! ;)

    I know a lot of people don't agree with the concept, but I do. The law is getting better but it hasn't handled the spam problem yet. Making the business model invalid is a great idea.

    Think of it as free speech... by having everyone visit the website, it's just like having an old fasioned sit in so the company can't do business.

  • So the spammers were outraged that someone would do what they are doing to others?

  • Vigilantes = Self Righteous Idiots (Score:4, Insightful)

    by t_allardyce ( 48447 ) on Saturday December 04, 2004 @11:35AM (#10996235) Journal
    Vigilante really means "someone who thinks they are above everyone else and the law" which is basically the same definition as a criminal. In fact I would even go as far as to say Lycos are worse than spammers in principle - spammers don't target individuals they mail everyone they can find, and separate spam groups don't collaborate to fill your box, they are all independently adding their contribution. Vigilantes often make mistakes and because of their revenge attitude their punishment is often worse than the original crime. Take the recent Mexico City lynch mob, not only did they get the wrong people, but their burning someone to death demonstrated that they were far sicker than even the worst of those they were trying to target. Vigilantes are just wrong. Lycos should be prosecuted if they've broken the law on this, otherwise the law needs to be revised.

    We can find a solution to spam and it doesn't need to involve stupidity.

    • In fact I would even go as far as to say Lycos are worse than spammers in principle - spammers don't target individuals they mail everyone they can find, and separate spam groups don't collaborate to fill your box, they are all independently adding their contribution.

      Yes, Lycos is worse than Spammers in the same way that the government is worse than terrorists and mass murders. After all, the terrorists don't target individuals, they kill everyone they can...

      Vigilantes are just wrong.

      Vigilante may have

    • In regards to your diatribe against vigilantes: when the authorities are corrupt or unwilling to help, vigilante justice is the only justice to be had. With spam crossing state and national borders, and the U.S. authorities being unwilling to take a stand, a little vigilante justice makes sense.

      Lycos's solution doesn't make much sense though. What about spoofed mails? What's to stop me from spamming ten million people about my competitor's website, so Lycos shuts THEM down? It seems poorly thought out

  • Gaze into the crystal ball... (Score:5, Interesting)

    by gregor-e ( 136142 ) on Saturday December 04, 2004 @11:36AM (#10996237) Homepage
    If someone does an OS distributed bandwidth-sucker against spammer sites, how do the spammers respond? Well, first they go with one-shot URLs that respond with a low-bandwidth 404 after being clicked once. Of course, a persistent SBS (Spammer Bandwidth Sucker) will simply go on racking up 404s, which do still cost the spammer something.

    Next, the spammers will start converting all the zombie PCs they now use for distributed email attacks into web servers that provide their advertisers a distributed source of order-taking. This means that unsuspecting PC owners everywhere will soon rack up astounding bandwidth overruns as URLs that point to their PC get entered into the SBS program.

    Nevertheless, an SBS does strike directly at the spammers, raising the hoop a bit higher and perhaps winnowing out the less 'professional' among them.

    The only sure cure for spam, of course, is to take the battle one step further, by consuming all the resources of the advertisers directly - call their phones, request literature, place fraudlent orders with non-existant CC numbers (that, of course, pass Luhn MOD 10 checking) and provide contact phone numbers that ring forever. This will swamp them with orders that tie up their sales staff, cost them money and ultimately starve them.

    The only problem with "the final solution" for spam is that it takes individual effort on a daily concerted basis. So spam endures by riding on the backs of those so clueless that they actually order products from spammers and those of us too lazy to do anything about it.

    Ain't humanity grand?

    • I would like to find a program from trusted distributor (open source preferably) that would do the following things:

      Would "suck" bandwidth from:
      a) spamvertised sites I find in my e-mailbox; or
      b) spamvertised sites other people I trust received in their e-mail box'es.

      On a)
      So I would pick from my e-mails web-sites I want to go down and feed the to the program. It is absolutely LEGAL. They SPAMED me, They PROVIDED their website, and they WILL PAY for extra bandwidth. I am free to post on the web these websi

  • Did you track the results? (Score:5, Interesting)

    by 0x4a6f6e43 ( 837256 ) on Saturday December 04, 2004 @11:44AM (#10996272)
    Call it what you want but it probably was working. I recorded a drop in spam that started last thursday and was proportional to the number of screen savers in operation. By the time it hit 104,000 savers in operation daily spam was down over 80%. I actually had three solid hours with no spam (that hasn't happened since 9/11). Historically spam rises during this time frame.

    It's odd that attacking websites seemed to have dropped the amount of spam. Makes me wonder just how close the spam servers are to the spam website servers. Maybe the innocent victems we are so worried about are really the spammers.

    Come on all you people - this was a probe - yack about good or evil and POST YOUR RESULTS!

    What did this really do. I can't be the only one who tracks spam. Admins, what do you say?

  • one thing i've noticed (Score:2, Informative)

    by m2bord ( 781676 )
    i report every piece of spam i get and one thing i've noticed since lycos announced this program is the inclusion of the nvidia.com and yahoo.com domain names as active links in the spam.

    this is no doubt an attempt to direct the ddos over to innocent bystanders.

    lycos is going to have to realize that the only way to stop spam is to remove the financial reward to those who do spam.

    don't buy from spamvertised companies and you'll see the spam problem diminish.

  • The mob has tasted blood and wants more... (Score:5, Interesting)

    by volcanus ( 837192 ) on Saturday December 04, 2004 @11:56AM (#10996320)
    For the first time, the angry mob (people around the world with email accounts) have tasted blood and they want more. "The beast is wounded, quick, go for the eyes!"

    It hardly seems important whether the notion of DOS-styled retribution is appropriate or even legal - no such moral or legal considerations have managed to control people's decision to download mp3's and movies for free.

    This is history in the making, and as I see it, the real story is this; we have been victims with no means of defending ourselves, while our frustration and anger grow without end. Suddenly a revolutionary appears on the scene and give us hope, showing us how we can fight back.

    It's no longer an issue of whether or not we will, or should fight back - the mob has tasted blood and will have more. As far as I'm concerned, it falls to forums like this one to "think-tank" relatively responsible solutions, and I've heard some good ideas here in the last week.

    We all know someone is sitting in their basement right now, pulling an all-nighter, writing the next tool of mass-retribution, fueled by strong coffee and an even stronger hatred of spam. I suggest that if cooler heads are to prevail in any manner, it will be by creating a less-malicious tool of retribution, one which attempts to focus the attacks on legitimate "military targets" by requiring manual human selection of the targets, not by letting some distributed software select the targets automatically. Better hurry, the latter approach is probably more tempting to programmers who have succumbed to the blood-lust...
    • I've seen several mentions of "have your email program open all the links in spam."

      I'm betting someone is modding Thunderbird to do this with any message that winds up in the spambox as we speak.

      Of course, this would make everyone using such a program an unwitting participant in a Joe Job:
      I want to bring down a web site, so I spam a link to it, and a million anti-spammers's mail programs visit the URL in a short period of time, knocking it offline or raising the bandwidth costs.

  • Lycos was close but not quite... (Score:3, Interesting)

    by MrIcee ( 550834 ) on Saturday December 04, 2004 @12:39PM (#10996481) Homepage
    I think there is an attractive solution here, Lycos just missed it.

    Instead of attacking the site, the screensaver instead should have merely hit each URL in the email body once, just as the users EMail client would do. It should then take the most prevelant URL to the website in the spam (prevelant meaning the one appearing most) and fetch the page and again fetch each image (etc) url on that page, just as what would happen if the user had clicked on the link in the email.

    Why do this? Well, for one, it will make the spammer a very very lot of money very quickly. But two, it will cost the spammers customer a huge amount of money without any sales. The cost of doing business this way would be too high (assuming enough screensavers to do this). and spammers would either have to shift their model or pick another industry.

  • "I find the anti-spam downloadable DDoS tool to be without a doubt irresponsible, possibly illegal, sets a really bad precedent, gives the wrong impression to users, and possibly the dumbest thing I have heard of this week,"

    Now that's what I'd call strong condemnation. Yeah, right! Not even the dumbest thing of the month. Oh, yeah, the SCO suit is still in the courts.

  • Is Lycos Responsible? (Score:3, Interesting)

    by Nom du Keyboard ( 633989 ) on Saturday December 04, 2004 @01:37PM (#10996704)
    Is Lycos really responsible?

    They didn't use it themselves.

    They fully disclosed to users the functions of this screen saver.

    The users intentionally downloaded it, agreed to the terms, and knowingly ran it.

    I'd think blaming Lycos is legally dubious, at best.

  • Vigilantism is sometimes good. (Score:3, Interesting)

    by hkb ( 777908 ) on Saturday December 04, 2004 @02:02PM (#10996853)
    The word's laws aren't protecting us, so this sort of thing is needed. These people are committing crimes of theft of service (including bandwidth, server resources, man-hours), and possibly hacking laws, with some of the methods they use (VERIFY, the use of mangled headers to bypass SMTP server protections, etc)

    What happens when the law won't protect you? Sure, you possibly endure the crime being committed and lobby for laws. Or you go vigilante on them.

    What happens when you're on the Internet with hundreds of different governments? You can't lobby them all and when you get laws in one country, they just move their operations to another.

    You're essentially shit out of luck here, and vigilantism/mob justice is in order. You don't have to like it, but don't stop us.
  • Given that Lycos isn't exactly hot property this might present an excellent opportunity for them to actually make some money. How if they start selling access to their DDoS network of screensavers? Heck, they've already deployed the platform, all they need is to start feeding the screensavers URLs again.

    "Got a competitor? Wanna drown his website? For only $99.95 a day we will pin down your competitors website so he won't be able to do any business! Satisfaction guaranteed. Proven technology as seen o

  • ...Bittorrent sites report that the attack on their website has stopped.

Slashdot Top Deals

Receiving a million dollars tax free will make you feel better than being flat broke and having a stomach ache. -- Dolph Sharp, "I'm O.K., You're Not So Hot"

Close