Lycos Anti-Spam Screensaver Brings Down Spam Sites
ChairmanMeow writes "According to BBC News, the screensaver released by Lycos Europe that targets spam websites has been a bit too successful at targeting spam sites, bringing down two sites, with a third responding intermittently, and raising concerns that the screensaver amounts to a DDoS attack against spam sites. Of course, spammers deserve to be punished, but will DDoS attacks against spam websites help to curb the problem of spam?" While the screensaver allegedly throttles back when a site slows, it would seem it's being a bit overzealous.
It's nothing illegal. Just packet spam.
Your ad here.
It's according to Netcraft. Their story is Spam Sites Crippled by Lycos Screensaver DDoS, followed by Lycos Screensaver Site Blocked by Internet Backbones and Lycos Screensaver Site Changed, Now Says "Stay Tuned". F-Secure also says spammers are beginning to fight back by redirecting traffic back to Lycos.
Come on people, primary sources! This isn't elementary school.
Post the links to the sites it targeted, we can finish them off!
can't sleep slashdot will eat me
Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer...
Instead of using Adblock we need Ad-Double-Block. With Ad-Double-Block you would not only block the image but use spare bandwidth to repeatedly click on ad banners behind the scenes. If I understand the article correctly, the software reads your email and sends clicks through to the web sites listed that are in a spam box(?) while the screen saver is on, throttling back when the site slows. Of course you should be able to configure the pain threshold for the sites.
What a horrible thing to do to those friendly neighborhood spammers. :(
How do we know that the spammers didn't just take their servers offline in response to the attack?
Why not target other sites like spyware/adware/malware sites like Gator?
I don't care if the spammers' servers are DDoSed. They can take their fucked-up business model and shove it, as far as I am concerned.
Good on Lycos for finally having the balls to stand up to these guys. The spammers have been stealing bandwidth off all of us for far too long now.
gadgetophile.com
Who controls the list of "spam sites"? What are the criteria for becoming a victim? I would personally like this process to be transparent before I encourage anyone to participate - I do think they have the best intentions, but the potential for abuse is a bit scary.
That's what sucks about the spam war.. the good guys have to be careful how they deal with the problem to avoid accidentally screwing someone innocent. The bad guys just double their output.
TFA says that the program attacks sites advertised in the spam, thus the source machine of the UCE is not the target.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Spammers will hire scumware authors to write apps that packet sites who target spammers, making the circle complete. Then, the masses (tm) will get infected with the scumware. It isn't that hard to figure out.
When you look at the state of the world, how can you not become a radical, liberal anarchist?
Yes, spammers are evil scum who need a standard NATO round square in the forehead. But this sort of rough and ready justice worries me. An attack on the network is an attack on the network, period. If this sort of thing becomes respectable where does it end?
If it is OK to DDoS spammers, who else is it ok to knock off of the net?
Kiddie Porn?
Regular Porn?
Nazi/Skinhead sites?
Anything YOU think is a 'hate site'?
Anything ANYONE thinks is a 'hate site'?
Anything anyone objects to for any reason?
Business competitors?
Political opponents?
Anyone applauding Lycos for this had better be ready to draw the line somewhere on that list above and defend why their line is the absolute correct one in language all can agree on or that line will creep down at Internet speed.
Democrat delenda est
Rather, it's a bunch of people coordinating their requests for information. At worst, it's civil disobedience (though not directed at government) or an organized, peaceful protest.
I had a similar idea a while back, where people supportive of a cause could voluntarily elect to permit their computers to engage in simultaneous activity coordinated from a single point. It's cool to see this.
You could've hired me.
...who are always steamed up because the internet is an imperfect place or someone is billboard posting in some usenet group or you didn't read the FAQ are going to be mad at something forever. Why even run anti-spam screen savers when you could be looking for seti or doing some folding or something useful. 1000 years from now spam and drugs and guns and all kinds of potentially bad things will still exist. You won't. Use your time on something useful.
Someone get the world's smallest violin immediately!
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Spammers neither detect odors around me, nor allow me to walk. They're more like bacteria than a nose or a foot. So, on a side note, when was the last time you took antibiotics?
Say you don't like Nabisco (pick company of your choice). Pay a spammer to send out millions of spams advertising Nabisco. Now Lycos adds Nabisco to its list, and all those guys running its web server do a DDOS attack on Nabisco.
... at least until one of your arsonists accidentally burns down the murderer's neighbor's house.
paintball
Don't you feel the same? I'm sure you do.
Wouldn't it be great if someone would create a screensaver that would automatically visit the websites of the vendors of these enticing offers and display them on my screen? I'm a fast reader so it would be great if it could show a few each second.
That way, I'd be able to read all about their exciting products without having to do anything at all.
If there was such a screensaver, maybe lots of people would download it. After all, I'm sure we're all interested in the products on offer. And what e-entrepreneur wouldn't want to have thousands of interested potential customers visit his web site every second?
Hey, I like the idea of punishing spammers, but Lycos is playing a game that's very dangerous. They're doing DOS-attacks (by proxy) on servers, and where I live that's actually a crime. While sending lots of unwanted e-mail will get you a slap on the wrist, DOS'ing a machine without written consent actually gets you jailtime. Where is the liability here when someone installs this screensaver? Is the end-user responsible for the DOS, or is Lycos responsible?
Another point on this is that this only brings more traffic to the Internet. I know, what's a few measly packets when people are leeching torrents like mad, but still. While this effectively disables spammers for a while, remember that you can't fight fire with fire (or SYN with SYN in this case).
And what about machines that accidentally get on the list of machines to be abused? Hey, I know that in theory only bad guys get on the list, but I've had enough customers actually get on an RBL while they don't spam.
This is dangerous ground we're walking here, and sooner or later someone is going to call their lawyer. The ISP that provides internet access for the spammer perhaps, or perhaps even the spammer who knows that where he lives sending spam is nothing compared to DOS.
And 25 emails a day advertising V14gra isn't?
-- yawn. --
It's not useless, it serves a well defined albeit misdirected purpose.
The problem is that I doubt the spam sites' domain names are hard coded into the screensaver. If they're not, the screensaver has to retrieve them from a remote source, and within days the spammers will simply squelch this uprising by DDoSing that source, rendering this entire approach useless.
*blinking cursor*
I'm not certain how Lycos' software works or where their pool of server names comes from so it's hard to speak to this instance. But if someone sends SPAM to my email account I don't see how they can complain if I browse their site. Now I guess the real question is where is Lycos getting its list of spammers? If it's some blacklist in their backroom then it's a DDOS plain and simple, on the other hand if it pulls the addresses from the Junk folder in my inbox then I am just responding to their solicitation.
-- Dennis
Lycos is not auto-grabbing the urls from the spam. It is having someone open the spam, verify it is spam, verify the end link url for the Viagra or such. Only then is the site added to the target list. Lycos has said that they are not trying to take down the site but cost it money. Seems that they did not write their software right to take into account that everyone and their grandmother hates the spammers and would install it. So a few spam sites went down. I am of the opinion that this is a good thing. They should change their software so it does DoS the site. Having been/worked on large networks I can say that a DoS will 99% of the time only affect the hosting company and the people that sell them the pipe and most likely only at that pipe's termination. (Also it is not a true DoS in the sense that the software requests the page and completes the transaction!) And I say so the fuck what!?! The hosting company should get screwed for hosting the spammer.
It is about time we (the collective geeks) do something real about spam. Sure I have SA and all that installed but it is a pain, costs us money (time and hardware). Spammers should be shot. Spammers' website should be hacked and cracked and trashed. The companies that knowingly host them should get the same. There are no laws or police that can fix this chaos we call the Internet. It is up to the users to handle the shitheads.
It is time to declare ALL OUT WAR ON SPAMMERS. Let our motto be "Victory or....NO CARRIER!!!"
Last year, Berman tried to pass a copyright measure which would immunize a copyright holder's efforts to stop someone from violating their copyright -- hacking into their system to remove the material, take it off the network, or shut it down.
Fight Spammers!
...NETCRAFT CONFIRMS IT
the Lycos screensaver is dying (but it'll take a few spammers down with it)
They released the screensaver with a fixed list of sites? I thought it would look through your Spam folder in your mail client and visit each web site mentioned there; a much fairer way to do things and perhaps legally safer too.
I know someone has previously suggested making mail clients download every link in a message; the idea is that if everyone did this then spammers would even have an incentive to get 'unsubscribe' working. Yes, it does confirm that your address is live; so what, it was on the spam list anyway.
-- Ed Avis ed@membled.com
Isn't this more like having the entire neighborhood join the neighborhood watch, then post everyone around the perimeter of a pedophile's property?
the trouble with mobs and vigilantes though is they are not very just, and can't be relied on not to attack the pediatrician by mistake.
lynchings are generally considered bad things for a reason, and this is what this screensaver amounts to: online lynchings.
We could be seeing a dotslashing (a reverse Slashdot) where this site is bombarded by visitors because of all the links to it.
The really terrifying part is that non-geeks will get to see how geeks communicate...
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
As long as they can do it to /. as well.
Why not get every person and every site on the net to DDos the entire farking thing off the planet? Doesn't that sound like fun?
Think about it, there is not one thing on the net that probably isn't an annoyance to at least one person out there.
If DDOSing a site you don't like becomes generally acceptable behavior, the net is in some serious trouble.
The entire foundation of the internet being based on believing that people will generally "play nice" (as it is) is on the verge of causing its destruction here.
Let's keep cool heads. Boycott and stop supporting the use of the lycos screen saver and get back to work on a better email protocol!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
i'm so confused. isn't this the same lycos that has their sidesearch spyware (http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078521)?
and if so, isn't this a bit disingenuous to be an anti-spam patriot while perpetuating their own brand of spyware? i mean, really, now.
Universal broadband - even constrained geographically (ie we are all broadband peers in our neighborhood/block/town whatever) will make both ddos attacks and hacking individual machines ineffective. Imagine how popular radio would have been all those decades ago if more listeners caused the radio station to be knocked offline.
Dear Spammer,
I hope you enjoy the packets we are sending you. This is not SPAM. Previously you opted-in for these packets. If you would like to be removed from our packet list, please turn off your machine. Thank you.
First I'll cite an example from the university I work at. We bought a better connection based on the sole reason that we get so much spam the website was loading slowly. The option of having our email outsourced was looked at, but in the end it was still cheaper to just get a better connection. Are the spammers covering the new cost incurred because of their actions? Haha, yea right.
There was just an article today about how big the market for spyware removal had become. It is well known that some spam sites install their crap when you visit their site, or if the person is using OE or even Outlook 2000 the stuff installs straight from the e-mail. Again, are they forking over some of their profits to cover the costs for this?
An eye for an eye is perfectly legit in this case since our governments are so slow to do anything worthwhile about the problem. In America we have the right to bear arms and form a militia (under certain circumstances) so what's wrong with us bearing different arms, our bandwidth and computers, and forming a different type of militia to get rid of our enemies?
How does taking down a spammer's Web site stem the flow of spam? The two aren't related, and in fact all that's happening is that a hosting company somewhere is getting blasted (not that that bothers me ... host a spammer's Web site and you can just take your lumps.) However, actual spam is sent using open relays and other bits of misdirection and likely isn't even on the same pipe as the Web site. Sure, this sends the spammers the message that we don't like what they're doing ... but one has to assume that they already know that. I guess I don't see what practical purpose this is serving.
The higher the technology, the sharper that two-edged sword.
Tell you what. I do not think that the issue is being better than spammers, I think the issue is that it is about time a bit of vigilante justice is done to these bastards. No matter what laws are created, because of the nature of the Internet itself, this may very well be the only way to stop these people currently.
DISCLAIMER:
I don't believe what I write, and neither should you.
I think you are 100% correct, and I applaud your post. You hit it on the head.
DISCLAIMER:
I don't believe what I write, and neither should you.
If your site shares a network with a spammer, time to complain to your feed site. Anyone who puts their customers at risk by tolerating known spammers on their network deserves to lose business or to get sued by their customers. (something along the lines of tolerating a public nuisance which is interfering with your business, I suppose)
Tech Public Policy stuff
While I generally agree with you, there are a few counterarguments that need be considered:
"If DDOSing a site you don't like becomes generally acceptable behavior, the net is in some serious trouble."
Keep in mind that this isn't about sites that we don't like, or sites that offend us--it attacks the sites that CRIMINALS use to perpetrate their CRIMES. Theft of service and fraud are pretty obvious, but I can't believe that most spamming isn't tied into organised crime these days.
As for the 'net being founded on people generally playing nice together (with some minor checks and balances), well that's what has led to spammers having as much power and as big of a market as they do. They have abused that basic premise, to the point that the net we once knew and loved has been destroyed.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Err..no. The "art studio" is a prolific and long time spammer. But they do apply the standard Israeli method of operation: when you get caught red-handed, you shed crocodile tears and make big eyes and whine and whine and whine about how you are a victim and the whole world is unjustly against you etc etc. This act is wearing a bit thin.
Are the ones who decided to do that attacks. Lycos just had an idea, it takes computer users to implement it (or not).
Quack, quack.
When someone sends a SYN, you don't have to respond with an ACK. If they don't like it, they should delete those packets and get on with their day.
Whiners
Like screensavers capable of emitting EMPs targeted at those spammer boxes. That would be really cool.
No, seriously, the 'net was founded on principles of consensual anarchy.
By signing onto the Internet, the spamming companies agreed to join a transnational network that was effectively above the laws of any one nation.
My Friend, there is another transnational network that has existed way before Internet. In your country, I think it was AT&T who built it (not sure). This network, even if transnational, was not "lawless". The IP address is now what was the telephone number, but you are still under the constraints of the law, the law of your country and if you are not American, the law of your country plus the law of the country you communicate with...
Interesting reading to finally iron this perception that there is a "cyberspace", different from the "meatspace".
I think most geeks that can't get a girlfriend would love to have a different world, where they can do all those wonderful things that could finally impress some girls... Sorry my friend, there is no such world.
I don't get how you could get rated Insightful...
The Internet might have been wild in its early age, but as it goes mainstream, the legal crowd will order rules, with time passing, until it is fully ruled under national laws...
Interesting reading for you my friend (In English, I'm not too cruel with you, you see !)
HERE
Note : I'm not against US, like the author, but his point is still valid. Meatspace rules, Cyberspace is an illusion...
---
By the way I apologize my dear US friend, I'm French...
I agree. I think the screensaver is a great idea. You can say what you want about ethics and all, but the fact is that the spammers are already mounting their own DDoS attacks on anti-spam sites. Did the authorities do anything? Nope. Think about it... if a guy sucker-punches you in a dark deserted alley, would you punch back or ignore him? Spammers have clearly declared war on anti-spam sites(and the general public). I liken the DDoS of SpamCop in November 2003 to Pearl Harbor. The only difference is that after Pearl Harbor, we defended ourselves and vanquished our opponent. What was the outcome of the SpamCop DDoS? "Well, you'll just have to invest in better filtering software and pray it'll work". I'm tired of hiding from spam. We have to fight back.
I read the reports here and there about a spammer getting jailed/fined/lynched, but my inbox still fills up. I'll bet that for each spammer that is jailed/fined/lynched, you have 5 new spammers filling the void. What is being done to stop this? Not a lot. Spamming is still a HUGE moneymaking opportunity with relatively few barriers to entry, and it is "legal"(as long as you cover your bases).
IMO, the best thing about this tool is that it will allow the common man to "get back" at spammers. I think people have lost their patience. They don't want to wait months for the next half-baked, loophole-laden piece of legislation that the spammers in other countries will just laugh at.
Another facet of this discussion is enforcement (at least in the US). Many sites say that it will open you up to legal trouble, which may be true by the letter of the law. But consider this - very few spam that I receive are "can-spam" compliant. This, coupled with the fact that the US is the biggest source of spam, indicates that the US Government is having trouble enforcing a law that it made specifically against spam. IANAL, but I don't think there is a federal law against DDoS'ing. I'm not saying it's OK to DDoS, I'm just saying that I think you'll be struck by lightning 3 times before you get nailed for DDoS'ing a spammer.
And about the DoS at the user-level... If Lycos only directs a user to DoS spammers in countries outside of the users' own country, does the spammer have any recourse other than to complain to the DOS'er's ISP?
Maybe Global Crossing doesn't want to get involved in petty Internet politics
Except of course by reacting and blocking access to the lycos site they are getting involved.
it's much easier to come up with a conspiracy theory whereby Global Crossing is protecting those evil spammers
Except of course Global Crossing does provide international connectivity to many Chinese providers who host spammer sites and Global Crossing's abuse department specifically disowns complaints about these sites when the chinese ISPs are unresponsive.
Maybe Global Crossing is more concerned about people wasting their bandwidth on the latest cause of the day
If they were really concerned about this then they could simply block port 80 traffic TO the spam sites when it enters their network, not block access to the lycos site.
Your argument is really pretty flimsy, it ain't no conspiracy, GBLX provides lots of backbone connectivity to spammer sites in China and GBLX blocked the lycos site - ever heard of Occam's razor?
As a concerned villager, I personally am off to grab my pitchfork and swarm the monster's castle like everyone else
Exactly. If the mortgage guys don't like the packets coming from our screensavers, why haven't they sent us any opt-out requests?
By continuing to send SPAM, they have opted in to this program!
The act of sending SPAM is an opt-in request for this handy, distributed, load testing system!
Any time they want to opt out, all they have to do is stop sending SPAM, and their opt-out request will be processed within X business days!
How very handy!
I wonder if Lycos would be willing to sell this handy load testing system without requiring you to first send SPAM? I know I'd like to have the new firewall and load balancers stress tested before putting them into production.
It's kind of unfair to restrict this free load testing to established bulk mailers.
"Live Free or Die." Don't like it? Then keep out of the USA