Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lycos Anti-Spam Screensaver Brings Down Spam Sites

Posted by CowboyNeal on from the online-vigilantes dept.

ChairmanMeow writes "According to BBC News, the screensaver released by Lycos Europe that targets spam websites has been a bit too successful at targeting spam sites, bringing down two sites, with a third responding intermittently, and raising concerns that the screensaver amounts to a DDoS attack against spam sites. Of course, spammers deserve to be punished, but will DDoS attacks against spam websites help to curb the problem of spam?" While the screensaver allegedly throttles back when a site slows, it would seem it's being a bit overzealous.

22 of 715 comments (clear)

  1. Bad? No way. by Malevolyn · · Score: 5, Funny

    It's nothing illegal. Just packet spam.

    --
    Your ad here.
    1. Re:Bad? No way. by networkBoy · · Score: 5, Insightful

      Really,
      Is there anything legally wrong with this?
      It's not a "bot" army in that the owners of the PC's opted in to do this.
      -nB

      --
      Damn 2 min between posts BS has got to go. Should be limited to within topics or something :grrr:

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    2. Re:Bad? No way. by name773 · · Score: 5, Funny

      Spam is a bit harsh; the lycos screensaver is a legitimate bulk packet sender.

    3. Re:Bad? No way. by pcmanjon · · Score: 5, Informative

      One of the spam sites www.moretgage.info has changed it so it has a meta refresh tag to redirect traffic to lycos.

      Interesting, but I don't think the screensaver actually renders and executes HTML code, it just does a GET, meaning the redirect would do nothing, right?

      If it does execute code, (which would be a security hole vuln.) then I suggest they just do a get on www.moretgage.info/fakepage -- which isn't apparently blocked.

    4. Re:Bad? No way. by severoon · · Score: 5, Funny

      Well, wait a minute. It's clearly unethical if the screensaver sends random data to these spammers web sites--that's clearly a DDoS attack. On the other hand, if it's not random data and it's, say, business opportunities and offers of various useful products that the spam sites might want to know about, I'd say this screensaver is providing a valuable service to them!

      --
      but have you considered the following argument: shut up.
    5. Re:Bad? No way. by vacuum_tuber · · Score: 5, Informative
      One of the spam sites www.moretgage.info has changed it so it has a meta refresh tag to redirect traffic to lycos. Interesting, but I don't think the screensaver actually renders and executes HTML code, it just does a GET, meaning the redirect would do nothing, right?

      Right. Pretty much all of the recent news stories about this got it 100% wrong. In fact, from a sample HTTP request someone posted in one of these Lycos threads here, the screen saver doesn't even request a valid file. It generates a GET or POST intentionally formulated to generate a web server error response. Very clever. Not so clever are all the whiners and speculators who erroneously presume things like the imagened vulnerability of the Lycos tool to HTTP redirection.

      --
      Look at the bright side: there's always seppuku.
    6. Re:Bad? No way. by Tackhead · · Score: 5, Insightful
      > Spam is a bit harsh; the lycos screensaver is a legitimate bulk packet sender.

      Exactly. If the mortgage guys don't like the packets coming from our screensavers, why haven't they sent us any opt-out requests?

    7. Re:Bad? No way. by ArcticCelt · · Score: 5, Funny

      I think we are on something here! The screen saver should send something through the GET like:
      http://www.spamersite.com/?do_you_want_to_increa se_you_bandwich_by_three_full_gb

      --

      Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
  2. Actually... by Anonymous Coward · · Score: 5, Informative

    It's according to Netcraft. Their story is Spam Sites Crippled by Lycos Screensaver DDoS, followed by Lycos Screensaver Site Blocked by Internet Backbones and Lycos Screensaver Site Changed, Now Says "Stay Tuned". F-Secure also says spammers are beginning to fight back by redirecting traffic back to Lycos.

    Come on people, primary sources! This isn't elementary school.

  3. OMG, you're right! by rackhamh · · Score: 5, Funny

    What a horrible thing to do to those friendly neighborhood spammers. :(

  4. Unmoderated system? by rubberband · · Score: 5, Insightful
    As the admin of my mail system's spam filter, I would like to see nothing more than "drag a spammer in to the street and beat them with a keyboard until they repent day" but I worry about this system.

    Who controls the list of "spam sites"? What are the criteria for becomming a victim? I would personally like this process to be transparent before I encourage anyone to participate - I do think they have the best intentions, but the potential for abuse is a bit scary.

    That's what sucks about the spam war.. the good guys have to be careful how they deal with the problem to avoid accidentally screwing someone innocent. The bad guys just double their output.

  5. Re:Hmm. by colman77 · · Score: 5, Insightful

    No, it's not- it's fighting back. This should serve as a lesson to those spyware kiddies, too. It's about time these malware losers got a taste of their own medicine.

  6. Re:DDOS? Or manual takedown? by colman77 · · Score: 5, Insightful

    Does it matter? Mission (screw the spammers) accomplished either way.

  7. Re:Quick! by shdragon · · Score: 5, Informative
    Ask & ye shall receieve.

    www.bokwhdok.com

    rxmedherbals.info

    blundering.subbvbvf.com

    http://m39.computergearplus.com

    www.artofsense.com

    printmediaprofits.biz

    --
    "...we dont care about the economics; we just want to be able to hack great stuff."
  8. I love spam by sparks · · Score: 5, Funny
    I am always interested in novel commercial propositions. There's nothing I love more than seeing what exciting offers are available in the way of bodily enhancement, alternative medicines, and high-return investment opportunities.

    Don't you feel the same? I'm sure you do.

    Wouldn't it be great if someone would create a screensaver that would automatically visit the websites of the vendors of these enticing offers and display them on my screen? I'm a fast reader so it would be great if it could show a few each second.

    That way, I'd be able to read all about their exciting products without having to do anything at all.

    If there was such a screensaver, maybe lots of people would download it. After all, I'm sure we're all interested in the products on offer. And what e-entrepeneur wouldn't want to have thousands of interested potential customers visit his web site every second?

  9. Re:Worrying by raehl · · Score: 5, Funny

    line will creep down at Internet speed.

    African internet speed or European internet speed?

    --
    paintball
  10. A few bits of info.. by BawbBitchen · · Score: 5, Interesting

    Lycos is not auto-grabing the urls from the spam. It is having someone open the spam, verify it is spam, verify the end link url for the Viagra or such. Only then is the site added to the target list. Lycos has said that they are not trying to take down the site but cost it money. Seems that they did not write their software right to take into account that everyone and their grandmother hates the spammers and would install it. So a few spam sites went down. I am of the opinion that this is a good thing. They should change their software so it does DoS the site. Having been/worked on large networks I can say that a DoS will 99% of the time only affect the hosting company and the people that sell them the pipe and most likely only at that pipes termination. (Also it is not a true DoS in the sense that the software request the page and completes the transaction!) And I say so the fuck what!?! The hosting company should get screwed for hosting the spammer.

    It is about time we (the collective geeks) do something real about spam. Sure I have SA and all that installed but it is a pain, cost us money (time and hardware). Spammers should be shot. Spammers website should be hacked and cracked and trashed. The companys that knowingly host them should get the same. Their are no laws or police that can fix this chaos we call the Internet. It is up the the users to handle the shitheads.

    It is time to declare ALL OUT WAR SPAMMERS. Let our motto be "Victory or....NO CARRIER!!!"

  11. Berman tried that by www.sorehands.com · · Score: 5, Informative

    Last year, Berman tried to pass a copyright measure which would immunize a copyright holder's efforts to stop someone from violating their copyright -- hacking into their system to remove the material, take it off the network, or shut it down.

    --
    Fight Spammers!
    1. Re:Berman tried that by dgatwood · · Score: 5, Insightful
      The point is that when there's no peaceful resolution (i.e. a court settlement), then everything descends into a non-peaceful solution, i.e. a free for all.

      Welcome to the Internet. :-)

      No, seriously, the 'net was founded on principles of consensual anarchy. That's the way it has always been, and the way it always should remain. By signing onto the Internet, the spamming companies agreed to join a transnational network that was effectively above the laws of any one nation. If someone wants a protected little world, they should wall themselves off from the 'net behind eight firewalls and never communicate with the rest of the universe. If a whiny, crybaby spam business wants to fight against it, let them try. Next time, the 'net's tendency towards autocorrection will ensure that they get BGP blackholed for all eternity.

      The right solution for solving spam is not one of government. We don't need laws to make DOS attacks on spammers legal because they were never illegal to begin with. They agreed implicitly to accept whatever the Internet threw at them when they signed on. This is the way the Internet has always worked---when polite discourse fails to correct the error of one's ways, the 'net's response is to isolate the problem in the harshest possible manner to serve as an example to others who might choose to also act in ways that are harmful to the best interests of the 'net.

      There's simply no other mechanism for solving this sort of problem other than everyone giving up on unsigned SMTP, and since too many people aren't willing to do that, the only alternative is to simply packet-spam the spammers into oblivion. I say, let their routers burn.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  12. Re:Hmm. by legirons · · Score: 5, Funny

    "Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer..."

    except without the fires and dead people...

  13. Re:Quick! by oexeo · · Score: 5, Funny

    All those links are down, do you have any mirrors?

  14. Re:One question by Fjornir · · Score: 5, Insightful
    Simple. Economics! Spam is an attractive massmarketing tool simply because it it so SO cheap. If it becomes common for sites selling through spamvertising to be protested in these virtual sit-ins then two things happen:

    a) Their bandwidth bills go up from all of these bots reloading them, increasing the cost of using spam a LOT.

    b) The people who would want to buy their product are discouraged by long pageloads and sporadic outages, decreasing their revenues.

    --
    I want a new world. I think this one is broken.