Lycos Pulls Vigilante Anti-spam Campaign
davidwr writes "Eweek reports that Lycos is scrapping its anti-spam campaign: 'On Friday, Lycos Europe gave up the ghost, posting a 'Stay Tuned' note on the MakeLoveNotSpam.com Web site it was using to distribute the screensaver. The Lycos Europe home page, which heavily promoted the screensaver all week, was also scrubbed clean of any references to the screensaver.' See previous Slashdot coverage from Nov. 26, Dec. 1, and Dec. 2."
fighting fire with fire doesn't always work
I can't believe the execs at Lycos even had the balls to O.K. it as a plan, let alone develop and support it. Corporate sponsored DDoS attacks? What would have been next; MPAA sponsored screen savers that attacked BitTorrent link sites? SCO sponsored screen-savers that attacked kernel.org and Slashdot?
... i always wanted to be part of a botnet
Now if only spammers would follow suit!
::day dreaming::
errr..
**"I find the anti-spam downloadable DDoS tool to be without a doubt irresponsible, possibly illegal, sets a really bad precedent, gives the wrong impression to users, and possibly the dumbest thing I have heard of this week," said Adrien de Beaupre, an incident handler with the SANS Internet Storm Center (ISC).**
besides than that.. anyone care to pull ye olde form and tick the right places for this particular 'solution for spam'?
world was created 5 seconds before this post as it is.
Really it's not that complex of a product to make and given that it seems to have been somewhat successful at accomplishing its goal (or in fact too successful by actually DOSing the spammers) I don't see it as that unlikely that someone will go and create a new screensaver that is even more destructive.
Clearly there is at least some interest in fighting spam with DDOS even though it's not the best solution.
I for one welcome our new spamming overlords..
... i always wanted to be part of a botnet
What, you don't have access to Windows?
Personally I think this is a bit of a shame. I know a lot of people here weren't too keen on the aggressive style and dubious legal grounds of this scheme, but to tell the truth, if there was a possibility it would eradicate or at least slow spam down, then I'd have to say I'm all for it.
Perhaps the problem here is that with Lycos being the single point of failure, as well as being a customer facing organisation, its position was just untenable.
There has certainly been lots of talk about building in such a system to mail clients, and perhaps having a distributed spam-attack system that way - perhaps this will be legally more tenable (they actually emailed you personally) as well as more resilient to pressure.
This sig has been deprecated.
Looks like Lycos is /.ed...this time forever.
How am I supposed to fit a pithy, relevant quote into 120 characters?
"the company appears to have scrapped the campaign."
Huh? They just put on a "stay tuned" on the site, because the spammers are fighting back redirecting either to legit sites (Microsoft was one) and Lycos themselves.
Lycos is most probably just automating the process of detecting that and improving the requests (they were doing random POST and GET).
Let's hope they don't scrap the program. I see too many celebrating spammers posting here.
What about existing users of the screensaver? Will it continue to work (i.e., flood spam sites)?
quidquid latine dictum sit altum videtur.
This sucks, now I need to get a new trippy screen saver.
But who's to say it isn't still beneficial? Lycos probably caused some problems for spammers with this, or made them feel less secure, in the week this stunt was running. More importantly, look at all the publicity Lycos got out of this; if it wasn't for this spam thing I probably wouldn't have even thought about Lycos's existence once in the second half of this year, and probably you or most of the other people here wouldn't have either. Instead, thanks to makelovenotspam, they've been rescued for at least a moment from obscurity and irrelevance and they've been all over the headlines for a week. Meanwhile, by getting out now Lycos possibly avoids the otherwise-almost-certain legal problems from all of this.
... well probably.
Was makelovenotspam, in its short life, effective? Almost certainly not. Was makelovenotspam a public good? I'd bet not. Was makelovenotspam good for Lycos?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
They never had a Linux version.
Free Software: Like love, it grows best when given away.
Your post advocates a
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
(x) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
( ) Nice try, dude, but I don't think it will work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
How am I supposed to fit a pithy, relevant quote into 120 characters?
Lycos did win a minor victory in getting its company name in the news again. Before this I'm sure most people forgot this company existed. Even bad publicity can be good "sometimes".
I propose Slashdot's editors agree to "accidentally" incorrectly rewrite one submitted link per week to point to the site of a major spammer. It will have exactly the same effect as the Lycos DDOS screensaver, fulfilling its necessary service now that Lycos has backed out, but lack the legal risks and require no new technological infrastructure.
Lycos couldn't handle all the bandwidth required since no one visits their site anymore... ;)
... anybody got it mirrored? :D
Why not build this feature into an email client (e.g. Thunderbird). When you get a spam, you put it in a special folder and the client repeatedly accesses the site (a la the Lycos screensaver). That way nobody can be cited for orchestrating a DDoS or unfairly blacklisting. Each recipient can make their own spammer determination.
Whether the client uses the exact URL in the email (which often has identification codes for the recipient of the spam or the affiliate who sent it) is a matter of debate. On the one hand, I don't want to identify myself to any spammer or show that my email is live.
On the other hand, I would want the spam site to know that using my email address will only bring it grief. As a side bonus, it might even bankrupt the site when it has to pay its spammer affiliates for all the automated clickthroughs. If a greater percentage of people clickthrough via automated means (but don't buy), it harms both the spam-marketed site (in bandwidth and affiliate charges) and it hurts the spammer when sites reduce their clickthrough payment rates. I can only hope that this will cause spammer-using sites to crack down on spammers that are too aggressive.
Two wrongs don't make a right, but three lefts do.
Has anyone else thought about decompiling the flash movie and modifying it to do lots of lovely things to the spammers without the help of Lycos?!
I am surprised that a company did this first. This is perfect for a community project. Maybe attack not just spam sites, but also spam mailservers (fetched from your favourite blacklist), spam software companies...
Netcraft is reporting this too. Check out their story here. I wonder if the fact that several Internet backbones were blocking Lycos's site had anything to do with them finally deciding to pull it. My guess is simply that this was creating too much bad publicity. Everyone was talking about how Lycos was using unethical tactics to try to stop spam. Lycos probably figured it was not worth it.
Man: The Most Dangerous Game.
It's cliche, but two wrongs don't make a right. Lycos had a good goal, but the ends don't always justify the means.
"There's no success like failure, and failure's no success at all."
- Bob Dylan
I'd say Lycos are just getting legal advice on whether to continue- the screensaver's future lies in the hands of lawyers now. People entrusting corporate decisions in the hands of lawyers? God help 'em ;)
This isn't all too complicated to concoct, I wonder if anyone will take it upon themselves to create a screensaver that does the exact same thing.
When I say anyone, I mean anyone with the basic programming capability to do such a thing. Without huge corporate liability behind his back, one anonymous vigilante could easily pull this off; and I and many others would quickly flock to his cause, this can be taken for granted.
This to me seems like a reasonable idea. Soon, no ISP will want to host a spam site if it brings with it crippling bandwidth usage. Regulation has failed to stop spam, so the only solution appears to be attacks on the machines hosting such sites.
A simple tool that ignores meta tags and redirects would be a better idea though. That way, all the bandwidth usage is centred on the server being utilised by the common criminal. With a text file listing the addresses and resource names to download, and headers matching those of a common browser, spammers' bandwidth usage and site responsiveness could be seriously degraded without them being able to distinguish between genuine clients or DDOS clients. Such a tool can be created in an hour or so, and is hardly a major technical achievement (Lycos did it in Macromedia Flash). A central server should not distribute the list of spam sites in such an instance. If users add sites from spam they receive themselves, we can guarantee that the right abusers are being targeted. We would also likely need an exception list to prevent common free hosts that ARE responsive to quickly removing spam sites from being targeted immediately, and the client would have to automatically check which sites have been dead for a months periodically, and after maybe six months, remove them from the list of sites to be attacked. The problem with the above is finding some host from which to safely distribute such a client, without it being attacked by subhuman trash.
Personally, I always take the time to visit spammers' sites, and fill out their form submissions to let them know my view on their crimes. If we all complain to their ISPs, and if we all ignore the rubbish they are selling and their crooked schemes, spammers will have a lot less reason to continue with their base criminality. Die spammer, die, die, die.....
Wanna post it here?
;-)
Boy, I'm sure clicking 'post anonymously' for the first time in ages...
Finally.. Lycos realise that trying to police the web will not work. It's like trying to stop car thieves by stealing their cars, and they underestimated the amount of spammers who have the money and know-how to bring them trouble.
a great idea, but that's how it should have stayed, an idea.
Business Voyeur
You do realise many spammers are from the Russian Mafia? Please don't be surprised when you find a horse's head on your pillow, and don't expect any sympathy from people who told you being a vigilante moron with the delusions of moral superiority is a Bad Thing(TM).
I stopped trusting Lycos the day I started finding this bloody thing on my customers' computers. That they tried and failed at something so shady in the first place doesn't seem like much of a surprise to me. This was just some poorly done publicity stunt, probably dreamed up by some PHB deep in the dungeons of their marketing department.
is sorely needed so folks can gather around and develop a solution similar to the Lycos paradigm.
,so naturally if us peckerheads down here in the dirt were able to solve our problems they would be jobless!
If someone knows of such a site would you please reply to this post with details?
Like others I am very interested in seeing the work(vigilantism though it be) continue since all other efforts --including the questionable 'security ' groups who are screaming FOUL.
They wish this type of activity to continue so their own 'rice bowl is not broken'. In other words they profit from the work of crackers, zombie artists and their ilk
DOS'ing spammers has potential to make a serious dent in spamming revenue and actually lessen the amount of spam we see in our mailboxes. This is why spammers fought back so quickly against Lycos; they saw their bottom line being compromised. A big company like Lycos is not best organization to lead an attack against spammers because they are an easy target for spammer retaliation on the internet and have a lot to lose legally and financially.
Instead if a loose group of spam haters worked together to develop open source version of the "Make Love Not Spam" screensaver or something similar, you would end up with a much more formidable foe to spamming. The OSS version would need to handle redirects (and not follow them) and would need to have a decentralized mechanism for distributing target information. If Lycos can put together 100,000 volunteers in a week or two, then it's not far fetched to see another similar open source project pulling similar numbers. Especially if it were available for both Windows and *NIX.
Lycos made a major blunder with this campaign. I think it actually gave the entire computing community a black eye and am thankful they pulled it as quickly as they did.
It worked along the same theory that "It takes a criminal to catch a criminal" does. That sometimes, you have to get down and dirty to fight back.
If the only people that got hurt by that kind of plan were the bad guys, I'd buy it. But it doesn't work that way. There is collateral damage and often times the innocent victims outnumber the bad guys. All that traffic was sent through the internet, across innocents' routers and delayed legitimate traffic. Especially near the end where the bad guys got on the net. I would have hated to be a legit user going through the same service provider as the bad guy!
You could argue that the bad guy's ISP is partly to blame and I'd agree but things aren't that simple. There are several upstream providers and thousands of legit users that were hurt. The collateral damage was too much.
On top of that, this action gave bad guys ammunition. They are now pretty much able to make a case that other legitimate users are using similar tactics as they are. The screensaver turned end users' computers into bots!
Two wrongs don't make a right. Thank you Lycos for recognizing this a little late but still you did figure it out.
I know a lot of people don't agree with the concept, but I do. The law is getting better but it hasn't handled the spam problem yet. Making the business model invalid is a great idea.
Think of it as free speech... by having everyone visit the website, it's just like having an old-fashioned sit-in so the company can't do business.
Agile Artisans
So the spammers were outraged that someone would do what they are doing to others?
While Lycos was on unsteady legal footing in terms of their targets (i.e. it's often tough to connect a web site to the spam sender) the MPAA and RIAA can easily prove that a particular user or BitTorrent link site is sharing/hosting/providing copyrighted material. It may be just a matter of time before earlier efforts to legalize RIAA and MPAA DDOS attacks are resurrected.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
'pears a lot of spammers are in the crowd meta-modding up the posts that are favorable to their venue.
Why else are some of these getting a 4? Just how prevalent are spammeisters on slashdot? How much are they trying to control the attitude here?
I notice at this point most are choosing AC when they do so.
They see the battle. They know they are in for a fight. They have nothing better to do with their miserable useless life than beat upon innocent users with their ugly pink porcine slime.
I say stomp the dirty vermin out. What ever works -go for it.
If you have mod points, please mod the parent post up.
Lycos is only doing this to get mentioned in the media.
Lycos is a known spyware distributor/collaborator. If I had to choose between the lesser of two evils (weevils?), I would much rather have spammers than spyware. At least with Spam, I can use Spambayes.
My department has three people who support 800+ computers that need to run MSIE. Spam is a pest and an inconvenience. Spyware disables the machine and causes a lot of work when a machine must be returned to working order. There isn't one product that finds 100% of this crap, and our users aren't deemed smart enough by management to be able to use two browsers, so we are stuck with MSIE being the only browser on these machines.
IMHO Lycos had the balls to stand up to the spammers and that is a good thing. To the people who are poo-pooing Lycos I say you are wrong. I don't think the plan backfired at all. Their method got some attention and points out that something needs to be done.
Maybe someone will port this as a new plugin for the Thunderbird spam filter. :-)
Vigilante really means "someone who thinks they are above everyone else and the law" which is basically the same definition as a criminal. In fact I would even go as far as to say Lycos are worse than spammers in principle - spammers don't target individuals they mail everyone they can find, and separate spam groups don't collaborate to fill your box, they are all independently adding their contribution. Vigilantes often make mistakes and because of their revenge attitude their punishment is often worse than the original crime. Take the recent Mexico City lynch mob, not only did they get the wrong people, but their burning someone to death demonstrated that they were far sicker than even the worst of those they were trying to target. Vigilantes are just wrong. Lycos should be prosecuted if they've broken the law on this, otherwise the law needs to be revised.
We can find a solution to spam and it doesn't need to involve stupidity.
This comment does not represent the views or opinions of the user.
Next, the spammers will start converting all the zombie PCs they now use for distributed email attacks into web servers that provide their advertisers a distributed source of order-taking. This means that unsuspecting PC owners everywhere will soon rack up astounding bandwidth overruns as URLs that point to their PC get entered into the SBS program.
Nevertheless, an SBS does strike directly at the spammers, raising the hoop a bit higher and perhaps winnowing out the less 'professional' among them.
The only sure cure for spam, of course, is to take the battle one step further, by consuming all the resources of the advertisers directly - call their phones, request literature, place fraudulent orders with non-existent CC numbers (that, of course, pass Luhn MOD 10 checking) and provide contact phone numbers that ring forever. This will swamp them with orders that tie up their sales staff, cost them money and ultimately starve them.
The only problem with "the final solution" for spam is that it takes individual effort on a daily concerted basis. So spam endures by riding on the backs of those so clueless that they actually order products from spammers and those of us too lazy to do anything about it.
Ain't humanity grand?
You really don't 'work' in a 'department' do you? You live in your mom's basement, don't you? You haven't seen the sky in four years
.
You make a living stealing bandwidth , don't you?
.
You're disposable.
I want one, opensource, which runs under linux. I will run it as a daemon on all 5 of my servers.
#
#\ @ ? Colonize Mars
#
Call it what you want but it probably was working. I recorded a drop in spam that started last Thursday and was proportional to the number of screen savers in operation. By the time it hit 104,000 savers in operation daily spam was down over 80%. I actually had three solid hours with no spam (that hasn't happened since 9/11). Historically spam rises during this time frame.
It's odd that attacking websites seemed to have dropped the amount of spam. Makes me wonder just how close the spam servers are to the spam website servers. Maybe the innocent victims we are so worried about are really the spammers.
Come on all you people - this was a probe - yack about good or evil and POST YOUR RESULTS!
What did this really do. I can't be the only one who tracks spam. Admins, what do you say?
The software is already running. No way to stop it now. I'll bet that 50% of the people who downloaded it are happy with it, and never uninstall it.
Having said that, I think it's hubris encoded. No self-respecting company would release such illware.
i report every piece of spam i get and one thing i've noticed since lycos announced this program is the inclusion of the nvidia.com and yahoo.com domain names as active links in the spam.
this is no doubt an attempt to direct the ddos over to innocent bystanders.
lycos is going to have to realize that the only way to stop spam is to remove the financial reward to those who do spam.
don't buy from spamvertised companies and you'll see the spam problem diminish.
Is it 5:30 yet?
The only way you could avoid this is if the zombie bots' ISPs notice huge amounts of incoming traffic and take them off-line. If this functions as a mechanism for notifying ISPs that a particular user is running a zombie, it would be all to the good; unfortunately the first step isn't perfect by itself, it's just one more step in the arms race.
Time is Nature's way of keeping everything from happening at once... the bitch.
For the first time, the angry mob (people around the world with email accounts) have tasted blood and they want more. "The beast is wounded, quick, go for the eyes!"
It hardly seems important whether the notion of DOS-styled retribution is appropriate or even legal - no such moral or legal considerations have managed to control people's decision to download mp3's and movies for free.
This is history in the making, and as I see it, the real story is this; we have been victims with no means of defending ourselves, while our frustration and anger grow without end. Suddenly a revolutionary appears on the scene and gives us hope, showing us how we can fight back.
It's no longer an issue of whether or not we will, or should fight back - the mob has tasted blood and will have more. As far as I'm concerned, it falls to forums like this one to "think-tank" relatively responsible solutions, and I've heard some good ideas here in the last week.
We all know someone is sitting in their basement right now, pulling an all-nighter, writing the next tool of mass-retribution, fueled by strong coffee and an even stronger hatred of spam. I suggest that if cooler heads are to prevail in any manner, it will be by creating a less-malicious tool of retribution, one which attempts to focus the attacks on legitimate "military targets" by requiring manual human selection of the targets, not by letting some distributed software select the targets automatically. Better hurry, the latter approach is probably more tempting to programmers who have succumbed to the blood-lust...
I've seen several mentions of "have your email program open all the links in spam."
I'm betting someone is modding Thunderbird to do this with any message that winds up in the spambox as we speak.
Of course, this would make everyone using such a program an unwitting participant in a Joe Job:
I want to bring down a web site, so I spam a link to it, and a million anti-spammers' mail programs visit the URL in a short period of time, knocking it offline or raising the bandwidth costs.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Instead of attacking the site, the screensaver instead should have merely hit each URL in the email body once, just as the user's email client would do. It should then take the most prevalent URL to the website in the spam (prevalent meaning the one appearing most) and fetch the page and again fetch each image (etc) url on that page, just as what would happen if the user had clicked on the link in the email.
Why do this? Well, for one, it will make the spammer a very very lot of money very quickly. But two, it will cost the spammer's customer a huge amount of money without any sales. The cost of doing business this way would be too high (assuming enough screensavers to do this), and spammers would either have to shift their model or pick another industry.
You mean modding?
All meta-modding does is get people removed from the moderator lists.
Oh, it can also get you more opportunities to mod and increase your karma a fraction of a level.
Yes, Lycos is worse than Spammers in the same way that the government is worse than terrorists and mass murderers. After all, the terrorists don't target individuals, they kill everyone they can...
Vigilante may have a bad name, but there are plenty of occasions where vigilantes have done plenty of good.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
>Corporate sponsored DDoS attacks?
Limited legal liability comes in very handy after all those potential lawsuits. Whatever damage (real, hypothetical, etc) would be protected by the corporate shield, thus protecting the owners.
The companies that hire spammers are corps or s-corps, or LLCs too for the same reason.
Worked. Got "lycos" on the tips of everyone's tongue. Got people to talk about spam. Got Lycos's brand in the news again. Now I'm suddenly seeing Lycos's logo everywhere where I never noticed it before, like at Wired News. No, it's not new, I just never "saw" it.
This is a win-win. They exploited the anti-spam fervor and got attention which might translate into profits, loans, etc.
How is bouncing email back to spammers (done with Kmail) any worse than what Lycos was doing? I don't see it as fighting fire with fire, it's more like dumping the garbage they dumped on my lawn and putting back on their lawn.
Danger Will Robinson! You are now entering a condescending Unix user zone!
How about some white hats putting together a free (beer or speech) version like this? I really like the idea, and dutifully posted many a spam link (when I could get to the site) whenever I got one. Something like this, but for spammers?
Now that's what I'd call strong condemnation. Yeah, right! Not even the dumbest thing of the month. Oh, yeah, the SCO suit is still in the courts.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Make that towards your next legal rental. I don't think the MPAA can release anything that doesn't overuse the word "legal" in it.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
They didn't use it themselves.
They fully disclosed to users the functions of this screen saver.
The users intentionally downloaded it, agreed to the terms, and knowingly ran it.
I'd think blaming Lycos is legally dubious, at best.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
The world's laws aren't protecting us, so this sort of thing is needed. These people are committing crimes of theft of service (including bandwidth, server resources, man-hours), and possibly hacking laws, with some of the methods they use (VERIFY, the use of mangled headers to bypass SMTP server protections, etc)
What happens when the law won't protect you? Sure, you possibly endure the crime being committed and lobby for laws. Or you go vigilante on them.
What happens when you're on the Internet with hundreds of different governments? You can't lobby them all and when you get laws in one country, they just move their operations to another.
You're essentially shit out of luck here, and vigilantism/mob justice is in order. You don't have to like it, but don't stop us.
The whole thing reminds me of The Gladiator, armouring his truck to physically push drunk drivers off the streets after his brother was killed by one. One day he manages to stop a speeding driver, only to learn that the driver is not drunk, but eager to get his pregnant wife to hospital. Maybe Lycos has learned a similar lesson now? Nah, corporations never learn from their mistakes...
It's vs. its.. GET IT RIGHT!
In regards to your diatribe against vigilantes: when the authorities are corrupt or unwilling to help, vigilante justice is the only justice to be had. With spam crossing state and national borders, and the U.S. authorities being unwilling to take a stand, a little vigilante justice makes sense.
Lycos's solution doesn't make much sense though. What about spoofed mails? What's to stop me from spamming ten million people about my competitor's website, so Lycos shuts THEM down? It seems poorly thought out to me.
...Bittorrent sites report that the attack on their website has stopped.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
fighting fire with fire doesn't always work
Actually Lycos is BRILLIANT. Just a year ago I would have agreed with you but careless Internet computing (primarily unsecured(able) Windows machines) and commercial spammers are ruining the experience for all.
Maybe it is time to fight back. I have no problem in running a program where if I click on a spam button, the sender's IP gets 1-5% of my bandwidth for a day. This would raise their costs and throttle their output. Perhaps the upstream ISP would take note and cut them off like they should have done a long time ago.
I also find it amusing that some network providers would cut off this site yet let spammers go wild. Using a method like this hurts them for their irresponsible and inconsiderate trespasses into our mail boxes.
What are the authorities going to do if 5% of the world's PC users slam a spammer? Maybe that is a good name for this service, "spammerslammer".
OK programmers, give us an open source "Spammer Slammer"!!!
about this tactic.
/. about how those offended are fighting back surely you have the time to analyze your own servers. Especially when they did come under attack via the screen saver.
One wonders just why?
Surely most Hosting sites have a TOS which forbids such nefarious activity. Surely then THEY are turning a blind eye to this activity, but when it affects their performance they bitch to the ones who are getting revenge instead of simply cleaning up their users and abusers.
Then how many are really IN BED with the spammers?
How many would rather count their money than count the abusers on their servers who violate criminal laws and their TOS?
We are the bad guys? Gimme a break then and just shut yo piehole until YOU clean it up yourself.
They (spammers) shouldn't be that hard to find on your servers. If you can devote the time to whining on
What did the admins then say when they saw the 'hits'? Oh hhhh we must stop that knavish Lycos and the ones using it. They are the real enemy.
That a spammer's attack is spread out over millions of individuals is irrelevant. That's like trying to say it's wrong to steal $100,000 from one bank, but it's ok to steal $10 from 10,000 banks. You've still stolen $100,000 and that's what you should be punished for. If a spammer sends out 10 million spams, and it takes each recipient 0.1 seconds to deal with that spam, the spammer has still cost the recipients 278 hours of productivity. That's 7 weeks of work at 40 hours a week. Saying it's distributed over millions of people is just trying to hide the scope of the problem.
The only good vigilantes have ever done is to hold someone and wait for the police to get there, not tie them to the back of their trailer and drag them across town to the police station.
The government is an elected body that (in theory anyway) represents everyone and has to act as the highest power in the land or else there is chaos. That doesn't give groups of people the right to act as the highest power and do what they like. Terrorists are vigilantes! You think they are killing people for fun? They have reasons behind what they do and that's exactly what is wrong with them - they are judge, jury and executioner vigilantes.
This comment does not represent the views or opinions of the user.
... There is always The Lad Vampire
Well it's the start of a trend I hope.
I for one will always support fighting spam.
Collateral Damage?
Boo Hoo.
Also, it seems to me that the majority of Slashdot members don't like fighting spam because it's tagged as illegal or useless.
I for one will take the lesser of the evils.
Let's fight back for the sake of fighting back.
With all the intelligence on here you'd think there would be more suggestions and support than lamentation and hopelessness.
I think the grandparent just might be talking about guns colloquially. You know, biceps. So a mugger with small guns is less dangerous than a mugger with big guns, unless the first mugger knows karate. ...or not. If only he had posted more clearly!
"We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
Sigh, another one who approaches the world from the shareholder point of view. Dream on boy - and let the SHAREHOLDER (whoooooow!) be your GOD.
i'm getting on average 40-60 spams a day; they get caught in the 'challenge response' thingy i use (yes, i know it's not a good way to handle spam. anyway), but i still check it for any un-approved email from people who don't bother with the 'challenge', and for the first time in some time there was a significant drop in the amount of spams - down to 10-25 a day - which coincided with the ddos screensaver.
might be a coincidence, but anyway.
"As an end result, depending on how the Lycos client works, the screen savers downloaded from MakeLoveNotSpam.com might be attacking the download site itself," F-Secure said in a notice.
I love how they get quoted as "experts" when they are clearly just spouting stuff they pulled out of their ass.
tasty electronic music vittles
1) Lycos Europe put up a message saying 'stay tuned', i.e. 'we'll be back shortly'
2) Lycos Europe did not respond to requests for comment.
3) A bunch of people unrelated to Lycos Europe disagree with that thing Lycos Europe did.
And this is confirmation that it's being shut down? Am I missing something here?
Even the quotes from the article were grossly misinformed.
"As an end result, depending on how the Lycos client works, the screen savers downloaded from MakeLoveNotSpam.com might be attacking the download site itself," F-Secure said in a notice.
Um, no. The idiot spammers used a META tag. The Lycos screen saver was not a browser, it did not evaluate any HTML on the pages, it just made mindless requests; hence their attempt at redirection was ignored.
Although the Lycos site is no longer offering the screensaver, MADJiC Consulting's Goldberg says it's likely the DDoS attacks against the spammers will continue for some time.
"The software is out there. People have downloaded it and shared it with their friends and family. It's being used and will continue to be used," he said.
Except that Lycos disabled the screen saver when they disabled the website. It says 'stay tuned' as well. Way to fact-check, both eWeek and Slashdot.
Not that I care whether the site comes back... seems ethically questionable at best. But geez, this is not news, it's speculation.
~ Aero
Good thing I browse with flamebait +5, just for kicks, otherwise I would have missed it.
"Yes, Lycos is worse than Spammers in the same way that the government is worse than terrorists and mass murders. After all, the terrorists don't target individuals, they kill everyone they can..."
Who gave Lycos the authority to perform this action? You do realize that DDoS attacks are illegal right? If I go kill some murderers, is that acceptable because they were murderers?
"Vigilante may have a bad name, but there are plenty of occasions where vigilantes have done plenty of good."
So what are you trying to say? Should we accept vigilantes because they sometimes get it right? Do we not have public law enforcement officials for this? What is the job of the law enforcement officials if we are just going to accept that everyone can be vigilantes and break the law when they deem it necessary?
It is the decision of Lycos Management to immediately and indefinitely suspend the Anti-Spam Screensaver project. We would like to thank you for your participation and support.
We would also like to inform you that in order to pay for the plethora of legal costs that are sure to come, the e-mail address you provided upon Registration will be sold to as many interested third parties as we can find.
Sincerely,
Dogbert,
Senior Manager, Lycos"
UTF-8: There and Back Again
Personally I find most of the arguments against Lycos anti-spam screensaver naive. Most people don't even realize that their approach is legal.
Is it kind of "vigilante"? You can argue about that but I believe that right now it is the best approach until the "lawful" guys can manage sometime in the next millennium to find another effective way to battle spam.
So is anyone else interested in developing another similar screensaver or other hammering tool that will also run on Linux?
"With all the intelligence on here you'd think there would be more suggestions and support than lamentation and hopelessness."
You're an MCSE so I wouldn't leave it up to you to decide what is intelligent and what is not. If you don't understand the very obvious problems with this system then you need to head back to school. But once again you're an MCSE, so most likely no level of schooling can help you.
I would like to find a program from trusted distributor (open source preferably) that would do the following things:
:)
Would "suck" bandwidth from:
a) spamvertised sites I find in my e-mailbox; or
b) spamvertised sites other people I trust received in their e-mail boxes.
On a)
So I would pick from my e-mails web-sites I want to go down and feed them to the program. It is absolutely LEGAL. They SPAMMED me, They PROVIDED their website, and they WILL PAY for extra bandwidth. I am free to post on the web these websites as BAD, NEVER-TO-GO-TO&SUCK-BANDWIDTH-FROM WEB-SITES.
On b)
I trust a few spam-busting sites, and I would be happy if some of those people *would publish addresses of spamvertised sites they received*. (Once again - perfectly legal). This could be published in RSS to which I would link from my program.
Final Result: many people would be getting addresses automatically from spam-busting sites via RSS every 4-6 hours. Those on spam-busting sites would update their RSS as soon as they see spamvertised sites going down, so resources of "bandwidth-suckers" would not be wasted.
This would hurt those who pay spammers and affect the economy spam is based on.
For those who argue, that spammers would fight back and become more mean/ would apply illegal tactics: This is GOOD. The more illegal things they will do, the more likely they are going to be busted by law enforcement.
I guess everything is legal in my proposal: everybody is free to publish spamvertised web-sites he/she received and everybody is free to "suck" bandwidth from web-sites.
P.S. Of course the program should pick only IPs from RSS, sucking should be made in a non-reroutable manner and so on, but these are just technical details programmers would take into account.
i think they should have kept it going, it wasn't hurting anything anyways (other than what it was intended to hurt). those spammers really haven't slowed down with everything else we've tried (passive things, like filters). then when we get an idea that works offensively, people accuse it as being "irresponsible" and "vigilant". think of all the bandwidth these jerks have wasted from sending their garbage. billions upon billions of emails, and when we send small stuff to them using lycos's thing, people start to get pissed off. and screw you eweek.com, you should check your definition of a DOS attack. lycos wasn't trying to kill their servers, just trying to raise their costs a bit by having users load their site.
SPAM effectiveness and ease of propagation comes almost exclusively from the bogus security model of Microsoft Windows. There would be no reason for such measures taken by Lycos and others if it were not for this. The real question is why doesn't the U.S. government step in and make Microsoft do something real with the ridiculous security model that is Microsoft Windows? If only the following Microsoft blunders were fixed, spammers' freedom to operate would be greatly limited:
1. Windows Administrator accounts only used for installing programs and maintenance - nothing else. Normal operation forced to use regular limited user accounts only. Windows should default to this and make this mode of operation mandatory. Duh, what a concept. Service packs for NT/2000/XP should implement this. 95/98/ME users are SOL here.
2. Service pack to remove *all* Microsoft Internet browser and email program scripting language functions except for a few of the most basic functions that would only allow graphic manipulation and very limited file read/write access of specific areas on the hard drive.
3. Email read/write limited to plain text and/or plain html. No program execution from email message links or attachments at all.
4. Windows functionality/repair/upgrade/features etc. installation only allowed using administrator login and done using the old and forgotten way by first downloading the program, saving to a file, then running it. No automatic program executions here. And yes, Granny CAN do this too.
Any Windows operating system functions/features that Microsoft has stupidly embedded that will break because of these measures - be damned! These steps would take easy-infection, Internet-driven spyware and viruses out of the spamming loop, which would wipe out much of the spammers' methods. This in turn would make filtering and controlling SPAM actually possible and even easy.
I use the KISS formula...
Assuming you stick to actual spammers, who's going to sue Lycos over this? The spammers? Doubtful - they'd probably have to give up personal info in such a lawsuit. And my goodness, but wouldn't THAT be some kinda fun that we could all get into?
Life Insurance in Canada
On the other hand, the articles on Lycos didn't explain exactly how their attacks worked, but if they're submitting lots of database queries to the spammer web pages to fill them up with garbage, it doesn't need as much bandwidth as a bandwidth-sucking attack.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
nt
Lycos' program isn't doing anything wrong, they are simply doing what spammers do. They are not trying to take down their servers via illegal attacks. Their goal is to increase the amount of useless traffic to a spammer's website. The point is to make their bandwidth costs overwhelm their profits and put them out of business. Hmm, wasting bandwidth for personal profit, who else is guilty of that??
I still haven't seen a clear, cogent argument for why this is not a good strategy... "We shouldn't fight fire with fire" or "We shouldn't sink to their level" are not arguments, they are feelings. Personally I am disappointed that Lycos is shutting it down...
1, 2, 3, 4, 5... That's the combination on my luggage!
Anonymous Coward wrote on Saturday December 04, @08:50AM (#10996046)
Sadly, no, it wouldn't have the same effect. Links anywhere are subject to redirection by meta refresh tag and by DNS modification to point Web traffic to any other host on the planet.
Something like this has to be done the way Lycos was doing it, with human qualification of the target sites, retrievals by mechanisms less intelligent than browsers, and with monitoring of host/IP settings to catch DNS redirection.
Of course the open source community could come up with a substitute potentially even better than the Lycos tool...
Design for a Free Open Source Spamsite Hammer
The key to the legitimacy of a user doing this is that SPAM emails contain explicit invitations to visit the spamvertized Websites. There can be no implied or inferred limit to the browsing an invitee does on a publicly accessible Website, at least not within the range of what a human could or might do, even an obsessive-compulsive human who can't resist clicking on all the links he or she finds on the site that extended the invitation. Nor can there be any limit to the use of automated tools, as those have legitimate roles in off-line browsing of downloaded Websites. To the end of making the tool's HTTP requests indistinguishable from regular browser requests the retrieval tool could intelligently construct "Referer" headers and use a very common "User-agent" header, and request actual documents as a browser would instead of formulating invalid requests as the Lycos screen saver did. This would simply make it very difficult for a spamsite operator to figure out who is who and who is doing what.
The short version of the design spec:
The email-based target list builder should, if the final retrieved web page is determined by the user to be spammy, add to the target list any and all redirection sites along the way. Often the SPAM email contains the URL of a middleman redirector and it's not unusual for the second site to also be a redirector.
Once the user has confirmed that the target is a spamvertized Website, all redirectors leading there are added to the target list and the host/domain(s) and IP address(es) are logged.
The background process works from the target list, perhaps at a rate that is somewhat configurable by the user.
Using low-level TCP to retrieve objects should make it possible to avoid malicious HTTP redirection to innocent sites. Qualification of a target site and all normal spam response redirector sites leading to it is accomplished merely by the go/no-go determination by the user of the spamminess of the ultimate Web page retrieved.
The background process would do a forward DNS loo
Look at the bright side: there's always seppuku.
"We shouldn't fight fire with fire"?????
Try telling that to the jarheads (Marines) who are actively killing those who preyed upon and dealt death to our citizens.
Fire can kill fire. It can also kill terrorist Islamics.
Regarding vigilantism.
How would you then label Todd Beamer who took upon himself and with the help of others, performed a bit of vigilantism on Sept 11 of the year 2001?
Did you say Hero? I agree and also he took the law into his own hands. Does that fit the above poster's description of vigilantism?
Most of the Constitution as far as I read it has to do with the reality of property and the ability to defend same. Isn't that the difference between us and the communists? Or say N. Korea where they are apparently still eating the bark off the trees for food.
In some states the use of deadly force to protect property still exists. Not usually a Blue state though.
Collateral Damage?
Boo Hoo.
I hope you one day find your website is unfortunate enough to be on the same host or downstream feed as a spammer being targeted. Collateral damage is OK when it happens to someone else, right?
Or perhaps your ISP will shut down your account for abuse, as you are participating in a DDoS attack.
Or perhaps your ISP will shut down your account for abuse, as you are participating in a DDoS attack.
Possible, yes. But is not flooding someone's mailbox with junk mail from distributed sources also as much of a DoS? Are we saying lame spammers can send us unwanted electronic communication but we the consumer can't do the same?
The fact is if a million people did this the ISPs would not kick anyone off. They do not want to lose that much revenue. If they did kick people off how do spammers get connected?
The naysayers to this are likely lawyers and spammers and perhaps big software companies with other motives. If the people of the internet stood up to spammers there would be no choice but for spammers to disappear. We don't need big digit time consuming solutions. We just need to stand collective.
Most ISPs would overlook the presence of a well written anti-spam DoS program. They already do with programs like Kazaa as they know without Kazaa that many would disconnect their expensive high speed connections.
There are different kinds of high-volume attacks against spammers. Some, like the Artists Against 419 web page just download lots of images from the spammer, burning their bandwidth quotas and their 95%ile billing systems. Some submit requests to the spammer's web forms filling them up with junk or complaints. Some send lots of complaint emails to the ISP. All of those seem perfectly fair, particularly if they're directed at the spammers' web pages which are usually cheap services. And yes, some of them try to take down the machine through various mechanisms, which can be rude.
Bill Stewart
Sure, it's a whack-a-mole game, and if you only take out two of them, there'll be two more to take their place. It's obviously more effective if you can take out two big ROKSO-known spammers as opposed to two little ones, but it's at least a start.
Bill Stewart
The Artists Against 419 page uses a browser with some Javascript or equivalent to repeatedly download web pages from Nigerian 419 scammers. It's much less efficient, because the browser renders all the pages each time instead of just downloading them to /dev/null, and it's not a screensaver, but it's a no-brainer to use.
Bill Stewart
It's an obvious idea, but unfortunately an inadequate one. Too many spammers, especially phishers, include legitimate URLs to evade Bayesian filters or trick users into thinking they're really getting email from Citibank. Most of the legitimate URLs are big enough it's not a problem (e.g. Citibank probably wouldn't notice the hit), but some are smaller and would suffer. So you've got to check the URLs, probably manually, and only hit the ones that aren't legit. Also, lots of spammer URLs really go to free web sites where they redirect to their real ones using Meta-Refresh or whatever, so the URL you're pounding isn't the real target.
Bill Stewart
Some ISPs allow abuse. Some ISPs don't. Are you buying from the same ISP that is supporting spammers? I rather doubt it. So your ISP may kick you for abuse that the spammer's ISP would ignore.
I'm not strongly in favor of, or opposed to, the idea of driving up the spammers' costs this way. However, anyone considering it should realize that depending on their ISP, there could be a price.
for example:
http://www.aa419.org/ladvampire.html
reloads pictures from spam pages every few seconds, eating up their bandwidth.
--
jail all spammers and scammers
it's not off topic and here's how: the lycos site was makelovenotspam - a spin on john lennon's make love not war, john lennon was assassinated in dec 1980, the site was killed in dec 2004 - i didn't realise we lost points for poor humor/bad taste too
Avtech Direct
22647 Ventura Blvd. Suite 374
Woodland Hills, CA 91364