Slashdot Mirror
Lycos Declares War on Spam Servers
Psychotext writes "The Register have posted a story about a new screensaver from Lycos that targets known spam servers (taken from spamcop and verified by hand) with traffic in order to raise their bandwidth costs and hopefully price them out of the game. Lycos state that this is not a DDOS as Lycos monitors the site's responsiveness and throttles back when the site starts to falter. The screensaver is available here for Mac OSX, Mac OS9 and Windows, though you might need to lie about what country you are from." Reader JohnGrahamCumming writes "As part of preparing for the MIT Spam Conference I've put together a survey on what people are experiencing out there with spam, what they are doing about and followed it up with a test of different views of an inbox filled with spam and ham. You can take the test and be part of the survey results in January."
--
Power to the Peaceful
...too bad this also wastes bandwidth across the net.
I'm sure Lycos will love it when the spammer updates their DNS to point to Lycos.
Seems like they're just sinking down to the level of the spammers in order to try and fight them. As much as I hate spam, I cannot get behind this kind of activity. They're just adding more useless traffic, in the name of justice. Sorry, nice idea in theory, but I sincerely hope it never takes off.
I like how they state, even though that this screensaver overwhelms the server with requests, and can from many different sources, IT IS NOT A DDOS!
Actually, it's a great idea, now only if a cool Open source dev would make an open version of this and take away that whole throttling thing.. who would they sue?
It would be the gnutella of ddos's!
Excuse me, I don't mean to impose, but I am the ocean
This will never survive the legal challenges it will face. At least some of these companies can claim to be "legitimate" businesses. Of course if they just produce the list of addresses we can surely work out something involving wget for ourselves.
Humor from a Genetically Molested Mind
With all the blackhole lists, private IP filters and now screensaver-based DDOS, large parts of the IPv4 address space are becoming wastelands that won't be inhabitable even after spammers are driven out. Heck, a friend of mine just heard that a few class A blocks were just assigned to APNIC and immediately firewalled them off. There's got to be a better solution!
We all know: This is NOT spam!!
;)
Now we got: This is NOT a DDOS!!
Oh well, we gotta try a few things to try and bring the spam down
Any technology distinguishable from magic, is insufficiently advanced.
This doesn't seem like a very constructive solution. Hiking up bandwidth costs of spammers will certainly not solve any portion of the problem, as we've seen how much these people rake in. Not to mention the questionable ethics in a process like this. Lycos would be better off trying to work with other companies to try and somehow blacklist or filter all this garbage traffic instead of adding to it. As it stands, this is just some pathetic pissing match. Nice going, Lycos.
Try actually thinking for yourself. It's quite refreshing.
"Lycos state that this is not a DDOS"
"though you might need to lie about what country you are from."
While I'm all for taking down the illegal scammers, making this a battle of dirty tactics doens't really seem to have an upside. Seems like it is too easy to backfire as spammers have already showing lack of morals in pairing with virus and trojan writers. This is like two armies of zombies fighting each other as the master's watch from afar. I think I have seen this on a TV show one. The side of evil believes the conflict makes is stronger while the side of light also manipulates the lessers. How will this all end? "In fire!"
Cave, wreck, and deep diver.
they can call it "NOT a DDOS" all they want, but it doesn't really change the facts. Technically speaking, they are right, because they are not trying to cause a Denial of Service, but I think that really in spirit it's not much different enough. While I certainly have no sympathy for spammers, I know that this is certainly not something that I'm going to be installing, as someone living in the US, because it seems to me that it's certainly possible for someone to win a lawsuit against the company or the people running this software.
Famous Last Words: "hmm...wikipedia says it's edible"
Bad idea, Lycos - nobody (no human, anyhow) likes spam - but the rest of us have so far refrained from crap flooding the net to stop it.
-- Cheers,
-- RLJ
Lycos is wrong on this one. Part of the problem with SPAM is that despite the appearance of email being free, there are hidden costs (Kind of like environmental impact costs). In the case of SPAM the costs are bourne by the ISP / bandwidth providers and the recipients time, energy, and money. Lycos makes the problem worse for the ISP.
Hell, if I were a SPAMMER, why not add some third party advertisements to my SPAM page. Perhaps each hit from these screensavers would generate revenue for me!
I'm also having trouble seeing how they claim this is not a DDOS attempts. Obviously by increasing the number of screensavers in use, the load increases on the target sites. Perhaps a new concept--the DDOP--distributed denial of performance? Keep flooding until ping time of site is > 30 seconds. Still sounds illegal to me.
This is a straight carbon-copy of a system that a Swedish ISP launched a couple of months ago.
The campaign goes under the name "Make Love Not Spam", and you can find it here.
When in doubt, act determined. Business 101
What is to stop the spammers from doing a reverse DDOS on you? They would have your IP address, and would enjoy wasting your bandwidth too. My guess is they have a lot more bandwidth than most of us do. They aren't exactly people I want to mess with. If nobody buys their stuff, they would go away. Unfortunately that's the only solution I see to 'fix' the problem.
Isn't this the same as the "Artists against 419" site is doing?
The real "Libtards" are the Libertarians!
GREAT IDEA!
Provided one's server isn't mistakenly targeted (and I'm positive they'll eventually either friendly-fire or mistype an IP).
An effective signature identifies a particular user amongst a base of thousands.
I don't want my IP in the hands of someone with the morale of a spammer [server logs].
Let alone any "carefully picked host", certainly not at times I'm not there to observe what happends with my machine[screensaver].
Nah-uh.
I think we can keep recursing like this until someone returns 1
Note also that this is for Europe only. While there is nothing from stopping you from downloading and running this program outside the US, it is technically for europe only.
Even if you check the site, it explains how site it "targets" are slowing response times.
Is this shady, yes.
Question? If you are being harmed by something and want it to stop and there is no other recourse but to take the matter into your own hands, is that wrong?
Answer: It's up for debate.
If someone was on a daily basis causing me to sift through hundreds of emails, losing important messages, having the spam filter delete it accidentally, or having to wait for everything to update in order to assure that I have all my mail, then yeah this is justified.
They care not about your resources, time, or anoyance levels, why the hell should you?
Vigilante justice is not pretty, but it does get the job done.
Ignore the "p2p is theft" trolls, they're just uninformed
This is a stupid idea and will only serve to irritate the rest of the Internet. As much as they'd like to think it's not a DDos, it most certainly is, and they're just sinking to the spammer's own level.
I hope Lycos rethinks their plans, or I fear the retributions will be far more damaging. Any net user who downloads this software is going to leave themselves open to prosecution.
Oooohh, this is such a bad idea on so many fronts.
1) They're going to get sued. Not just sued, sued a whole lot. Asses in a sling kinda sued. Spammers that are making good money have the budget to sue, and really Lycos is completely in the wrong here. Morally, sure spam sucks. But you can't do it this way.
2) It's against so many different TOS's that isn't even funny. With very very very few execptions, users can't legally run it (check your provider's TOS). They're opening every user up for:
a) federal charges.
b) lost ISP connection.
c) Lawsuit for damages from the spammers.
3) So you flood a facility with an OC3. Now not only have to screwed up one guy's day, you've screwed up everyone's day at that facility. Or worse, the screen savers send such a load to knock down a server, that they inadvertantly overload a few major peerings instead.
How about this for a proof of the point. I have a GigE connection in 3 different cities. My provider has multiple OC192's heading all over the place.
I rig up something that can handle a 1Gb/s through it, that can take the abuse, and still appear to be functional. Come on, think creatively, it's not that hard to do. I can serve 1Gb/s of web traffic with 6 machines. Actually, I do with 15 machines, at a very low percentage of their capability. So no matter what they throw at me, they can't take the servers or my line down.
Or worse yet, they attack me, so I flood them back with 3Gb/s. I'd bet I can swamp lycos.com. Sure, they'll bitch. They'll moan. They'll threaten lawsuits, but I returned exactly what they were doing. More than likely they'll lose in court.
Isn't there a rule for iptables to redirect traffic coming into one IP, into another one? a one-liner, if I remember right.
Lycos DDoS's me. I set up machines to redirect the abusive traffic to say whitehouse.gov, ftc.gov, or lycos.com. Ah, lets play nice here, lets redirect the traffic to google.com, and watch the lawsuits really fly. So Lycos makes a valiant attempt to knock Google offline. That'll go over really well in court.
Or, as one comment in here already said, if they do it by DNS names, just change the DNS record.
bad.spammer.com. IN CNAME lycos.com.
or
bad.spammer.com. IN A 209.202.248.202
bad.spammer.com. IN A 209.202.216.27
(That's what Lycos resolves as for me)
or just negate it entirely.
bad.spammer.com. IN A 127.0.0.1
or have a little fun.
bad.spammer.com. IN A 255.255.255.255
And [insert deity here] forbid, someone compromises the machine which controls this action. If I were an evil hacker (hush you people in the crowd), that'd be a great play toy. Wanna knock off some competition, just point Lycos to them, and turn off their ability to throttle.
I'd be *REALLY* pissed if I was hosting one, or there was a compromised box somewhere off in a corner that I didn't know about, and they decided to knock one of my networks offline.
Most spammers move around so frequently, attacking a particular hostname or provider really doesn't freakin' matter. They change the domain the links go to, and start sending again. The usable age of a spam is only 3 days. Spammers consider if it hasn't been read in 3 days, it's not going to be read.
I wish them luck, and hope they have a big enough budget to keep their executives who came up with this brilliant scheme out of federal prison. I sure as hell hope they don't accidently point at me for being a target, 'cause sure as hell they won't be on line long.
Actually, with an announcement like this, they've opened themselves up for being the blame of almost any DDoS attack.
Serious? Seriousness is well above my pay grade.
[standard disclaimers about letting your users install their own software apply here]
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
Hey I ran it for about 2 minutes, had my fun and threw it in the trash. While a quick zap it to ya spammer might be fun, fact is this will do very little.
I mean, most hard core spammers are using malware to get clueless users to spam for them and the rest are being hosted by companies who are either offshore or just don't care about what their users do with their bandwidth.
For me, a locked down sendmail server+procmail loaded with SpamAssasin+Razor and to top it off, a Bayesian enabled POP3 Clients all come together to eliminate approx 99% of my spam, so I only see a few per week.
That to me is what the world needs -- every sendmail server not allowed to relay, inboxes protected and every email client using filters.
Then and only then will the spammers be truly hurt -- when clueless idjits don't get those emails in the first place and thus, can't click those f*cking links.
Considering AOL, Earthling and other ISP's are starting to put all this in, that day may soon be at hand.
Have you noticed how makelovenotspam opens in a new window even in tabbed browsers then loads in the page hidden behind the new window "Our offers" from Lycos.
:\
Perhaps we should DDoS the goits for pushing adverts to people without their consent in an underhand fashion? Oh, no, if WE tried that they would airdrpo a million lawyers on us in a heartbeat
Beep beep.
90% of the spam I get is coming from zombies attached to cable or DSL. The only this will do is make network access slower for the owner of said compromised computer, and it's probably already slow as hell because of all the spyware and trojans on it. It's just going to raise costs for the rest of us on cable that aren't unwillingly sending spam.
Additionally, what about the mom and pop ISP with 2 T-1's and a bunch of DSL customers? All you are going to do is saturate their lines, doing almost nothing to harm the spammer. I suppose it will force smaller ISP's to implement a deny outgoing port 25 rule, which they should all do anyway. My ISP does this, however, I can call them and tell them I run my own mailserver, and they open it for me. It's the people that are clueless that they worry about.
Need Free Juniper/NetScreen Support? JuniperForum
This is my first troll. Yet I must do it.
I'll do almost anything to stop spammers.
I don't care if I am reducing myself to their levels.
They did not care, neither shall I. They have gone too far. Expect no mercy.
Fight!
Adolfo
So, they've written an app whose purpose is to perform a DDOS...How long before a trojan or a virus takes control of this app and make it go after someone else?
If the app is trusted by your local firewall, getting a connection out to wherever you want it to go wont be an issue...
Well, to be perfectly honest, people trying to blacklist specific dynamic IPs (or even small ranges of them) are just showing their ignorance of how the net works.
Part of verifying IPs as spam sites should include the obvious; checking to make sure it's not an IP in some ISP's dynamic IP pool.
This type of checking is already implemented by some ISPs when deciding if email should be accepted or not by their mail server. (My boss set up a small mail server on his Charter cable connection, for example. Charter, instead of issuing him a true static IP, decided to give him a "fixed dynamic IP". Basically, they just punched his network card's MAC address into their DHCP server and told it to always issue him the same IP out of their dynamic pool.) This causes his mail server to be unable to handle emails destined for AOL, because they know his IP is in a dynamic range for Charter.
Sometimes, I've seen my own dynamic IP come up as blacklisted on services, but a closer inspection typically shows they just blacklisted the whole ISP, or at least their whole pool of dynamic addresses. These types of bans are usually temporary measures put in place because they're having problems coming from somebody on that ISP and they can't afford to wait around until that ISP co-operates with them to track down the individual doing it.
Kungsgatan 6
Stockholm, 111 43
SE
[Administrative contact] Brockman, Didde
Starring Ltd AB
Kungsgatan 6
111 43 Stockholm
SE
Email: technical@starring.se
Phone: +46 8 6144600
Fax: +46 8 6144610
The sites use Lycos logos, but it's not at all clear that Lycos has anything to do with this. While these sites link to Lycos, there's no obvious link to it from the Lycos main page.
(on a business network) many of your users install and run the screensaver and suck up your own bandwidth as well as that of the spammers.
I installed it and it doesn't seem to use much bandwidth (MacOS X). It does, however, seriously cut into the Folding@Home CPU cycles, so I'm not sure how long I'll play with it. I think I'd rather help cure diseases than DDOS spammers, even though the latter is immensely satisfying...
So they're creating a service designed to cost spammers money. It seems to me that computer crime generally gets classified as using computer resources in a way not intended by the provider and in a way that costs the provider money. Lycos isn't just opening themselves up to lawsuits, they're inviting criminal prosecution. Anyone using the client would be subject to the same kind of risk.
Actually filling this one in was harder than I thought it would be. I guess because I'm too lazy to think up new catagories that consicely summarise the objections we've seen. Nevertheless...
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it [well, we'll find out if this is illegal once Ralsky et al. sue]
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam [providing Ralsky et al. with enough funds to make the court case long and bloody]
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Inethicality of slowing the entire Internet down, when a handful of spammers are responsible for 99% of our spam
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Having been on the wrong end of a spam cop report several times, I feel for the innocents who are about to start having their mail blocked AND get bombarded with extra traffic. Just how many lawsuits will ensue?
Will anyone win but the laywers?
paul reinheimer
I like the idea because its grounded in destroying the economics that make spam profitable. Why not make it hurt more:
For example take a piece of spam advertising a site which provides no contact information and which replys on form submsissions to promote a product. Take random (but meaningful) data, such as fortune strings, delimited to smallish lengths for each field, and wget form submissions every few hours | minutes | seconds. Any legitimate inquiries are lost in (likly literally) an unceasing email bomb sponsored by lycos.The destinction here, is that rather then costing them more you are litterally losing them the tiny fraction of respondents which make spam profitable, this renders the model unprofitable and makes any attempt to offset the cost ineffective.
I take great satisfaction in ensuring that a spammers time is wasted to a greater degree then my own. Given the products that are often peddaled via spam a quick forward can often ensure this, for instance forwards to enforcement@sec.gov have resulted in six lawsuits (and counting) this month alone. There is a great forward for almost any ware, but medication, promotional stock tips, and cheap (generally pirated or edu version) software are some of the most fun - despite my dislike of Microsoft and the Government I relish the thought of their respective legal teams gunning down a newbie floridian who mistakenly purchased my address.
How do I keep track of people who are fingering
Second that. Producing more crap to fight crap leaves only losers.
Knowing how sneaky spam operations work (zombie networks etc.), I think that filtering/counter measures will never truly solve the spam problem, and that an effective solution will be economics-based.
One reason for the huge amounts of spam is that each single message has on average very little value for the recipient, and IMHO a good approach would be to increase that value. In a way: help spammers to reach an interested audience in a more targeted, specific way. So that not 1 in a million, but eg. 1 of every 50 mails sent produce a paying customer. Less effort for the spammer, less traffic, less annoyance, basically a win-win for everyone.
For that, you would need a way for recipients to 'advertise' what they're interested in: how many messages they want to receive, product types, type of organisations they'd like to hear from etc. Maybe in a system similar to publishing a PGP key or the "Geek Code". If a recipient has a way of indicating that (s)he is interested in viagra pills, then a spammer/advertiser can focus on that group, instead of spamming a huge amount of random people. Something that lets you tell 'the world' what you consider useful (or not) to find in your inbox, so that spammers/advertisers don't need to bother millions of uninterested folks to find a dozen customers. This would also put the burden of finding customers (selecting a target audience) on the spammer, instead of on the recipient (spam filtering). Ofcourse you could devise such a system in 1001 ways (preferably highly automated). Food for ongoing research...
How long will it be before we see an open source clone of that on sourceforge?
Of course it will do nothing for zombie sites that are hosted on trojan/worm/virus hacked machines. That would just punish the technically incompetent victim of spammers.
Microsoft is pure dog-ma. FreeBSD is pure cat-ma.
You scare me.
Stay tuned for new sig...
So when lycos have there servers hacked, which will happen making themselfs a huge target by having so many zombies to control, hackers will spend all there effort hitting lycos. And when they do gain control over the Millions of ScreenSaver Zombies who will be held resonsible for there actions and stupidity? And when this hacked network of Zombies DDoS some Copmany, I guess the lawyers over in Lycos will not be in for a good day. Anybody else see this turning into a huge mess 6 months from now?
While this is an appealing idea, swamping the spammers web site to increase their bandwidth costs is not going to really work. Like another poster indicated they would need to enter random data into the order pages to make it difficult to extract legit orders. Remember most spammers are probably buying their bandwidth at fixed cost rates. So while this may use a lot of their bandwidth it is not going to prevent legit orders getting through.
What should really be done to curb spammers is to have all major ISPs implement the following:
1. block SMTP for all users and force them to route thier email through the ISPs email servers. Permit users to request port 25 be opened up. This would block all the spam generated by zombie machines (probably greater than 90% of spam comes from such machines.)
2. Implement greylisting on the ISPs email servers. This blocks better than 90% of spam being sent today since it mostly comes from zombie machines.
3. Utilize the block lists that contain the web sites the spam sends people to to block those IP addresses at the main routers on the back bone.
By implementing these items across all major ISPs, virtually none of the spammers messages would get through to the dupes that actually buy the crap. If you can dry up the responses to spam then the business model should fall apart and die. At least one can hope.
Many people apparently don't really understand that this new screensaver is not going to punish the zombie machines owners by using up their bandwidth. It is aimed at costing the owners of the web sites that collect the orders. Which kind of the right idea. But I figure most of those sites are not using metered service but have ordered at minimum full T1's and probably have more than that dedicated. So trying to run up their bandwidth costs is probably not going to impact them that much.
Impementing the three items outlined above is guaranteed to have a major impact on spam.
Dude, I don't know what the fuck is going on, but you better pay up.
Sam Leahy
Collections Dept.
Northeast Gas Corp.
Course that's only 100 people, imagine a few hundred or thousand, it could easily shutdown small online vendors or personal websites, hurting average people if the idea is altered a little and falls in the wrong hands.
my karma will be here long after I'm gone
Interesting lead, I followed it trough some more and checked their site
Luckily, that explained the situation, starring is a marketing company, that were contacted by spray(a Lycos company in Sweden) to Get more people to start using Spray's e-mail service.
There you have it, it is all a marketing campaign to attract more users to Spray(and Lycos) mail. I guess they made it quite well, mentioned on slashdot and all...
This is really hilarious. They are expressly trying to use up the portion of bandwidth spammers *aren't using*, and getting everybody to install a Lycos screensaver! And they aren't even addressing the fact that a spam-serving network is undoubtedly well-resourced and has more heads than medusa. Hah! Too funny. Well except for anybody who happens to actually need bandwidth for non-spam purposes. It's like setting fire to a spider web, you just burn yourself out.
This is not a DoS (well it would be if it worked). It is just PR. Suddenly it got everbody saying "Lycos", front page on slashdot, etc., and it probably isn't even aimed at people who could figure out the problem. Most people will say great Lycos is taking a courageous stand, etc.
If Lycos was really serious about stopping spam, they should put the technical, managerial, and public relations resources they are dumping into this and go after the spammers one at a time. There are a finite number of people doing this in the world, and a corporation that wants to hunt them down can do it. Just follow the money, maybe buy some spam from these guys to confirm it. Then decide what to do about it. They might even consider posting a list of spammers, companies that profit from spam, and spam purchasers, on the net. Though that might make it hard to do subsequent investigations into spammers.
Well that's one thing they ought to do instead of this. Personally I think it would be better PR if they actually made some positive results in reducing spamming (with scientific proof) and publicized *that*. So this could maybe be called a half-assed DoS and a half-assed attempt at PR for mainstream technophiles, but on the whole it is just silly and wasteful. Thank god my fiber connection is nowhere near them.