Lycos Declares War on Spam Servers
Psychotext writes "The Register have posted a story about a new screensaver from Lycos that targets known spam servers (taken from spamcop and verified by hand) with traffic in order to raise their bandwidth costs and hopefully price them out of the game. Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. The screensaver is available here for Mac OSX, Mac OS9 and Windows, though you might need to lie about what country you are from." Reader JohnGrahamCumming writes "As part of preparing for the MIT Spam Conference I've put together a survey on what people are experiencing out there with spam, what they are doing about it and followed it up with a test of different views of an inbox filled with spam and ham. You can take the test and be part of the survey results in January."
I like how they state, even though that this screensaver overwhelms the server with requests, and can from many different sources, IT IS NOT A DDOS!
Actually, it's a great idea, now only if a cool Open source dev would make an open version of this and take away that whole throttling thing.. who would they sue?
It would be the gnutella of ddos's!
Excuse me, I don't mean to impose, but I am the ocean
"Lycos state that this is not a DDOS"
"though you might need to lie about what country you are from."
While I'm all for taking down the illegal scammers, making this a battle of dirty tactics doesn't really seem to have an upside. Seems like it is too easy to backfire as spammers have already shown a lack of morals in pairing with virus and trojan writers. This is like two armies of zombies fighting each other as the masters watch from afar. I think I have seen this on a TV show once. The side of evil believes the conflict makes it stronger while the side of light also manipulates the lessers. How will this all end? "In fire!"
Cave, wreck, and deep diver.
Isn't this the same as the "Artists against 419" site is doing?
The real "Libtards" are the Libertarians!
Hey I ran it for about 2 minutes, had my fun and threw it in the trash. While a quick zap it to ya spammer might be fun, fact is this will do very little.
I mean, most hard core spammers are using malware to get clueless users to spam for them and the rest are being hosted by companies who are either offshore or just don't care about what their users do with their bandwidth.
For me, a locked down sendmail server+procmail loaded with SpamAssassin+Razor and to top it off, a Bayesian-enabled POP3 client all come together to eliminate approx 99% of my spam, so I only see a few per week.
That to me is what the world needs -- every sendmail server not allowed to relay, inboxes protected and every email client using filters.
Then and only then will the spammers be truly hurt -- when clueless idjits don't get those emails in the first place and thus, can't click those f*cking links.
Considering AOL, Earthling and other ISPs are starting to put all this in, that day may soon be at hand.
Have you noticed how makelovenotspam opens in a new window even in tabbed browsers then loads in the page hidden behind the new window "Our offers" from Lycos?
:\
Perhaps we should DDoS the goits for pushing adverts to people without their consent in an underhand fashion? Oh, no, if WE tried that they would airdrop a million lawyers on us in a heartbeat.
Beep beep.
Now, they aren't the first to come up with this sort of attack against spam. Lots of geeks (myself included) have run continuous wget fetch sessions against particularly annoying spammer sites. There's a program called "Spam Commando" or something similar which fills out spammers' web forms with bogus but real-looking inquiries, thus wasting the spammers' time. I've thought several times about writing a little win32 app to do what Lycos' screensaver is doing, but couldn't get past the obstacle of "why would people trust my list of spam sites and use the program?" I should have thought of partnering with Spamcop.
In any case, this is the first time that a company, as opposed to some guy in his spare time, has stepped up and said "Hey, we think this is a good idea." And that's all it takes. This sort of thing generates press. The press will probably lead to lawsuits, as you point out. The lawsuits will inevitably lead to Lycos disabling the screen saver.
But here comes the beautiful part:
That's where a few geeks step in and take over.
Look at Gnutella. Nullsoft got bitch-slapped by AOL and told "you can't do that." The rest of the internet replied, "maybe you can't, but we sure as hell can."
Mark my words, if legal action shuts down Lycos' screensaver, a free, open-source, anonymously distributed alternative (or three) will take their place.
Thanks, Lycos, for shouldering the initial risk.
This is my first troll. Yet I must do it.
I'll do almost anything to stop spammers.
I don't care if I am reducing myself to their levels.
They did not care, neither shall I. They have gone too far. Expect no mercy.
Fight!
Adolfo
So, they've written an app whose purpose is to perform a DDOS... How long before a trojan or a virus takes control of this app and makes it go after someone else?
If the app is trusted by your local firewall, getting a connection out to wherever you want it to go won't be an issue...
Kungsgatan 6
Stockholm, 111 43
SE
[Administrative contact] Brockman, Didde
Starring Ltd AB
Kungsgatan 6
111 43 Stockholm
SE
Email: technical@starring.se
Phone: +46 8 6144600
Fax: +46 8 6144610
The sites use Lycos logos, but it's not at all clear that Lycos has anything to do with this. While these sites link to Lycos, there's no obvious link to it from the Lycos main page.
(on a business network) many of your users install and run the screensaver and suck up your own bandwidth as well as that of the spammers.
I installed it and it doesn't seem to use much bandwidth (MacOS X). It does, however, seriously cut into the Folding@Home CPU cycles, so I'm not sure how long I'll play with it. I think I'd rather help cure diseases than DDOS spammers, even though the latter is immensely satisfying...
I wrote a proof of concept once, similar to your form filling script.
Someone said that you can't spam and hide it.
I wrote a script to prove you could. It took about 20 minutes to put together to my satisfaction.
I had 3 files. A names file, a domains file, and a words file.
It would take one to three words from the "names" file, and generate a name. It would take some combination of those, sometimes with a random character or two, and then take a random domain from the "domains" file, to form an Email address.
I'd then take the "words" file, and make a subject line 2 to 15 words long, and a message body that was between 10 and 100 words long.
To some of the messages, I attached arbitrary length attachments (generated as it ran), with filenames from the 'words' file, and I think 8 common extensions (.doc,
I then used a common misconfiguration in web proxy servers (allowing CONNECT), and set it up to randomly select proxy servers to mail through, all over the world.
Then I said "are you sure about what you said 20 minutes ago?"
He said "yes".
I ran the script. He was receiving about 1000 messages per minute, and couldn't tell what was real and what wasn't. The only thing he knew is that he saw text scrolling by on my screen (a little status information for myself), and me laughing my ass off.
There was absolutely nothing consistent with the messages. Different senders, different bodies, different attachments (if they existed at all), and all coming from different "mail servers". The receiving mail server assumes the IP it received from is the previous mail server, so those proxies showed up in the header.
I never did run it against a spammer. It wasn't worth it. You know the 'from' address is bogus anyways. Any address they may list on their site is probably bogus ( remove_me@bad.spammer.com ? ha!). It was proof of the concept that anything can come from anywhere. He couldn't identify that it was me, because there was nothing to identify that it was me. The only way he could have possibly found out that it was me (other than my laughing), was to try to contact these ISPs with misconfigured proxies, and ask them to give him the IP who sent it through. Good luck. I don't speak any Chinese, and at least 100 of those proxy servers were over there.
Serious? Seriousness is well above my pay grade.
What do you want to bet that ISA could cache it, and ultimately just provide users with an inflated sense of their contribution in making the world a better place?
So when lycos have their servers hacked, which will happen making themselves a huge target by having so many zombies to control, hackers will spend all their effort hitting lycos. And when they do gain control over the Millions of ScreenSaver Zombies who will be held responsible for their actions and stupidity? And when this hacked network of Zombies DDoS some Company, I guess the lawyers over in Lycos will not be in for a good day. Anybody else see this turning into a huge mess 6 months from now?
It wouldn't help. We'd just have this targeted spam PLUS the shotgun spam we have now. As long as sending spam is virtually free, in cost and penalty, there will be plenty of assholes willing to use it to the fullest extent possible.
It specifically *doesn't* take down the net. When the responses slow down (either the server has overloaded, or the pipe between the screensaver'd PC and the server is overloaded, which is what you are worried about), the client throttles.
Regardless, you have a choice: use a little extra bandwidth to fight spam, come up with a better idea, or keep the status quo. In lieu of a better idea, and in response to the failings of the status quo, you gotta pay the price to get what you want. In this case, it's using extra bandwidth.
Got a better idea that doesn't involve keeping the status quo?
the rest of us have so far refrained from crap flooding the net to stop it.
I really doubt that, because aside from a literal DDOS, "the rest of us" have never had the chance to "crap flood" the net to fight spam (kind of hard to refrain from doing something you can't even really try to do).
And this is bandwidth used for a specific and desirable purpose, so I wouldn't call it "crap flooding" any more than downloading iTunes songs, watching movie trailers, or checking slashdot every hour.
While this is an appealing idea, swamping the spammers web site to increase their bandwidth costs is not going to really work. Like another poster indicated they would need to enter random data into the order pages to make it difficult to extract legit orders. Remember most spammers are probably buying their bandwidth at fixed cost rates. So while this may use a lot of their bandwidth it is not going to prevent legit orders getting through.
What should really be done to curb spammers is to have all major ISPs implement the following:
1. block SMTP for all users and force them to route their email through the ISP's email servers. Permit users to request port 25 be opened up. This would block all the spam generated by zombie machines (probably greater than 90% of spam comes from such machines.)
2. Implement greylisting on the ISP's email servers. This blocks better than 90% of spam being sent today since it mostly comes from zombie machines.
3. Utilize the block lists that contain the web sites the spam sends people to to block those IP addresses at the main routers on the backbone.
By implementing these items across all major ISPs, virtually none of the spammers' messages would get through to the dupes that actually buy the crap. If you can dry up the responses to spam then the business model should fall apart and die. At least one can hope.
Many people apparently don't really understand that this new screensaver is not going to punish the zombie machines' owners by using up their bandwidth. It is aimed at costing the owners of the web sites that collect the orders. Which is kind of the right idea. But I figure most of those sites are not using metered service but have ordered at minimum full T1's and probably have more than that dedicated. So trying to run up their bandwidth costs is probably not going to impact them that much.
Implementing the three items outlined above is guaranteed to have a major impact on spam.
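[Added example, not part of the comment above or of any mail server's own code: a minimal sketch of the greylisting decision named in item 2, showing why a sender that never retries is deferred while a queueing mail server gets through. The class name, the delay values, the /24 keying and all addresses are assumptions constructed for illustration.]

```python
import ipaddress

class Greylist:
    """Triplet greylisting: temp-fail first contact, accept a later retry."""

    def __init__(self, min_delay=300, max_age=36 * 3600):  # assumed values
        self.min_delay = min_delay   # seconds before a retry is honoured
        self.max_age = max_age       # pending entries older than this restart
        self.pending = {}            # triplet -> time of first attempt
        self.passed = set()          # triplets that have retried correctly

    @staticmethod
    def _key(client_ip, mail_from, rcpt_to):
        # IPv4 assumed: key on the /24 so a retry from a sibling outbound
        # host of the same mail farm still matches.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (str(net.network_address), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code to give at RCPT TO time."""
        key = self._key(client_ip, mail_from, rcpt_to)
        if key in self.passed:
            return 250
        first = self.pending.get(key)
        if first is None or now - first > self.max_age:
            self.pending[key] = now      # first contact, or retry came too late
            return 451
        if now - first < self.min_delay:
            return 451                   # retried too quickly, keep deferring
        del self.pending[key]
        self.passed.add(key)
        return 250

def simulate():
    gl = Greylist()
    rcpt = "user@example.org"
    # Constructed traffic: (seconds, client IP, envelope sender).
    zombie = [(0, "203.0.113.7", "a1@example.net"),    # fire-and-forget,
              (5, "203.0.113.7", "b2@example.net")]    # new forged sender, no retry
    mta = [(0, "198.51.100.20", "alice@example.com"),
           (60, "198.51.100.20", "alice@example.com"),    # retry too early
           (900, "198.51.100.21", "alice@example.com"),   # queue retry, sibling host
           (5000, "198.51.100.20", "alice@example.com")]  # later mail, same triplet
    run = lambda batch: [gl.check(ip, frm, rcpt, t) for t, ip, frm in batch]
    return run(zombie), run(mta)

if __name__ == "__main__":
    print(simulate())
```

[The 451 reply is a temporary failure, so a standards-following server queues and retries; legitimate first-contact mail is delayed by at least `min_delay`.]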
It doesn't have to be successful to be a DDoS attack.
It's like saying a rapist didn't commit rape because he didn't ejaculate.
BOYCOTT LYCOS. This is wrong, more wrong than spam.
I don't need no instructions to know how to rock!!!!
Mod parent down -1, redundant.
Sorry, but there won't be any one way to stop spam, but there will always be ways to fight it. One method will not cover all bases, but the more methods used, the less frequent we will get spam.
Doesn't a DoS attack effectively shut down a site though? The site would still be up and running, although pretty slow I would imagine. I think this is more of a Distributed Bandwidth Abuse (DBA). The DBA is no better than a DDoS, as it still intends to cause the owner of the site, or sites, headaches over increased bandwidth costs and decreased potential sales.
I agree with you about this being more wrong than spam however. You don't fight fire with fire. Personally, their tactics don't make them any different, or better, than the spammers.
Hope be with ye,
Cyan
This idea is based on a fatal assumption: that people who are going to want this type of stuff will broadcast their desire for it. Nobody I know would put in their sig: "Need viagra, please contact me if you have any."
Do not read this sig!
How much bandwidth is already taken up by spam?
The estimates I saw just a day or so back were about 65%. This is NOT trivial. I'm reminded of the Mouse that Roared. I think it's time we mice roared loud enough to be heard. Each one of us is a trivial squeak, but if 40 million did it, that would be a roar that no regulatory agency on the planet would dare touch with a 1000 foot pole.
If 10% of the planet jumped on this particular bandwagon, the problem would be self-solving within a week. Then we would have the net back until it got out of hand again, at which point we all bite the bullet of poor laggy service for a few days again. Wash, rinse, repeat until sufficient hell is raised to solve it 100% legally, even in N. Korea. If they (N. Korea) cannot pay the bandwidth bill and get disconnected, most of us would see an immediate 50% drop in spam. They have been rbl'd several times in the past, and you can feel the difference when this happens without being told.
Cheers, Gene
Those "open" proxy servers in China are set up so that people can bypass the Great Firewall of China without getting flagged by the Thought Police (yes, that Firewall blocks both ways so "foreign" entities can't read domestic sites and vice versa). It's nice to know that we are risking imprisonment and torture so that you guys can use it to spoof spammers.