Lycos Declares War on Spam Servers
Psychotext writes "The Register have posted a story about a new screensaver from Lycos that targets known spam servers (taken from spamcop and verified by hand) with traffic in order to raise their bandwidth costs and hopefully price them out of the game. Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. The screensaver is available here for Mac OSX, Mac OS9 and Windows, though you might need to lie about what country you are from." Reader JohnGrahamCumming writes "As part of preparing for the MIT Spam Conference I've put together a survey on what people are experiencing out there with spam, what they are doing about it, and followed it up with a test of different views of an inbox filled with spam and ham. You can take the test and be part of the survey results in January."
This is Lycos Europe, not lycos.com, two totally different companies that share nothing but the name and the logo.
Well, to be perfectly honest, people trying to blacklist specific dynamic IPs (or even small ranges of them) are just showing their ignorance of how the net works.
Part of verifying IPs as spam sites should include the obvious; checking to make sure it's not an IP in some ISP's dynamic IP pool.
This type of checking is already implemented by some ISPs when deciding if email should be accepted or not by their mail server. (My boss set up a small mail server on his Charter cable connection, for example. Charter, instead of issuing him a true static IP, decided to give him a "fixed dynamic IP". Basically, they just punched his network card's MAC address into their DHCP server and told it to always issue him the same IP out of their dynamic pool.) This causes his mail server to be unable to handle emails destined for AOL, because they know his IP is in a dynamic range for Charter.
Sometimes, I've seen my own dynamic IP come up as blacklisted on services, but a closer inspection typically shows they just blacklisted the whole ISP, or at least their whole pool of dynamic addresses. These types of bans are usually temporary measures put in place because they're having problems coming from somebody on that ISP and they can't afford to wait around until that ISP co-operates with them to track down the individual doing it.
Don't be silly. If someone leaves themselves logged in, you put goatse in their startup.
Santa's suicide mission go!
I'm not sure which spam gang does this at the moment, but Empire Towers would be the best bet. (They use tricks like asymmetric routing to spoof the source of a TCP connection. They can make it look like a huge amount of spam is coming from a dial-up connection on an ISP with outgoing port 25 blocked. ;^)
One line blog. I hear that they're called Twitters now.
Not all spammers get $$ by people buying something from them. Sometimes the site linked to in the email has a referrer in it and leads to some site other than the e-mailer's and they get paid based on that referrer ID being associated with a particular non-accredited mortgage loan for penis enlargement pills.
There are other ways they make money, and some is just random guessing to find valid emails (via various mechanism) for re-sale to other spammers.
I'd swear some of this spam is pure bs to entertain the spammer who could care less about making $$ than simply seeing how many people he pisses off with idiot e-mails and chain letters (AOL in conjunction with Microsoft and the FDA are tracking this e-mail, send it to 183 close friends in the next 27.34 minutes or we kill a kitten and you'll come down with warts!).
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
The spammer's DNS will never come into it. All the screen saver has to do is to send a request directly to the spammer's IP address. No lookup, no DNS.
The race isn't always to the swift... but that's the way to bet!
A company that brands a product "Lycos Sidesearch" that Ad Aware finds as spyware isn't going to get me to install their screensaver; I don't care how long the name has been a brand on the Internet.
Do not look into laser with remaining eye.
Linky to your 5-15% stats?
This comment is guaranteed*
*not guaranteed
Asymmetric routing, like all spammer tricks, involves cheating. All your packets (including TCP handshake packets) do go to the proper IP address on some DSL or dialup line. However, once they get there, they get relayed to a box connected to the spammer's fat pipe. The reply (a large web page or spamming attempt) goes out the fat pipe with the forged DSL IP address and proper sequence information, and naturally spammy's provider doesn't do egress filtering.
That way you can seem to get a huge amount of data from some dinky connection, even though the ISP has blocked outgoing packets from that port. If the dinky connection only sees the TCP handshakes and HTTP requests, that's not much traffic. (And spammy has bunches of them.) How the relay for the dialup to the fat pipe happens might be tricky, or it might be a dialup connection from the same box that has the fat pipe. I dunno.
Think about it a while if this doesn't make sense. I didn't really believe it either until I saw a web server on a dialup delivering data at Ludicrous Speed.
One line blog. I hear that they're called Twitters now.
This was my first reaction too. I downloaded the s/w to analyse it, the MacOS-X version is not a standard bundle, just a carbonised ppc executable. /Users/john/Library/SWF Desktop/SWF Desktop.app ?? .biz .ezybrzy africa bigger lonely & buyherb
strings reveals some blowfish setups, in a screensaver?
some filecopywithcompression, which might be just sloppy compilation...
chmod 777 hmmm,
and buried in one section of binary Shakespeare's monkeys have inserted amongst the other bits & bytes
Anybody with a sandpit network like to see what comes out of a machine running this thing?
If you control the host of the IP you're spoofing from, then you know the sequence numbers and can generate valid ones from your spoofing host.
The real problem here is that responsible network admins need to egress filter their networks to stop spoofing. This would solve a lot of problems internet wide. Sadly, it takes valuable router horsepower.
--
lds
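The egress filtering this comment calls for, as an added example that is not part of the thread: a provider-edge check that drops any packet whose source address lies outside the prefixes assigned to the customer port it left from, which is the control that stops the forged-source replies described in the asymmetric routing comments. The port names, prefixes and packets are constructed, using documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed provider-edge table: customer port -> prefixes assigned to it.
ASSIGNED = {
    "cust-fatpipe": ["198.51.100.0/24"],   # hosting customer with the big link
    "cust-dsl-pool": ["203.0.113.0/25"],   # DSL/dial-up pool on another port
}

def build_table(assigned):
    """Parse the prefix strings once so lookups are cheap."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}

def egress_verdict(table, port, src):
    """'forward' only if src belongs to the prefixes assigned to that port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"                      # malformed source: fail closed
    nets = table.get(port)
    if not nets:
        return "drop"                      # unknown port: fail closed
    return "forward" if any(addr in n for n in nets) else "drop"

def filter_packets(table, packets):
    """Split packets into forwarded ones and a per-(port, src) drop counter."""
    forwarded, dropped = [], Counter()
    for pkt in packets:
        if egress_verdict(table, pkt["port"], pkt["src"]) == "forward":
            forwarded.append(pkt)
        else:
            dropped[(pkt["port"], pkt["src"])] += pkt["bytes"]
    return forwarded, dropped

# Constructed sample: the second and third packets leave the fat pipe while
# claiming a source address that belongs to the DSL pool.
PACKETS = [
    {"port": "cust-fatpipe", "src": "198.51.100.10", "bytes": 1500},
    {"port": "cust-fatpipe", "src": "203.0.113.7", "bytes": 1500},
    {"port": "cust-fatpipe", "src": "203.0.113.7", "bytes": 1500},
    {"port": "cust-dsl-pool", "src": "203.0.113.7", "bytes": 60},
]

if __name__ == "__main__":
    fwd, dropped = filter_packets(build_table(ASSIGNED), PACKETS)
    print(len(fwd), "forwarded")
    for (port, src), nbytes in dropped.items():
        print(f"dropped {nbytes} bytes on {port} with out-of-prefix source {src}")
```

The drop counter doubles as a detection signal: a port that repeatedly emits out-of-prefix sources is worth an alert, not just a silent drop.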
No. Here's a coherent explanation (with ASCII arrows even) of it by someone else. I'm not sure there is a fix except enforced egress filtering. (Enforced how and by whom, got me.)
One line blog. I hear that they're called Twitters now.
I made a small dump and let it run for a little while before I quit it. http://students.depaul.edu/~bengert/dump.zip
Hmm, ever heard of something called Internet Relay Chat?
The /me command is quite popular, as it creates a special type of 'action' command.
If I were to type in '/me ducks for cover' into an IRC session, it would show on the screen something like this:
AC: blah blah blah blah
NeuroKoan: bleh blah bleh blah
AC: hahahahaha
NeuroKoan ducks for cover
AC: lol
"However," replied the universe, "The fact has not created in me A sense of obligation."
This whole idea was published on the Swedish website Spray.se (a Swedish ISP/Free email/Portal) about a month or so ago here:
http://makelovenotspam.spray.se/
Spray is in turn owned by Lycos, which explains both the development of the screensaver (in Sweden as per your info) and its propagation through Lycos via Spray...
Question? You mean "What, of use to a Westerner, could they offer to counter that?", where "that" is spam, presumably? Your "attitude is based on facts"? Such as "TONS of spam comes from them"? Okay, if you block every continent that produces spam, you're left with an Internet comprising Antarctica. I repeat: America generates most of the world's spam. (I'll refer you to ROKSO if you want to dispute that.) What can YOU offer to counter that?
What is yours based on, besides a martyr complex?
Being a martyr requires being a willing victim. I've just been messed up by simplistic xenophobic American policies, like those so eloquently advanced by yourself. Unfortunately there's a lot of that around these days.
This is an interesting statistic. Do you have a source for it?
Guardian Unlimited: Mail out of order: "Boca Raton in Florida is...the spam capital of the world....There are really only 150 spammers doing 90% of all the spam we get in the US and Europe... at least 40 of them are in Boca Raton."
Also see ROKSO.