Lycos Pulls Vigilante Anti-spam Campaign

davidwr writes "Eweek reports that Lycos is scrapping it's anti-spam campaign: 'On Friday, Lycos Europe gave up the ghost, posting a 'Stay Tuned' note on the MakeLoveNotSpam.com Web site it was using to distribute the screensaver. The Lycos Europe home page, which heavily promoted the screensaver all week, was also scrubbed clean of any references to the screensaver.' See previous Slashdot coverage from Nov. 26, Dec. 1, and Dec. 2."

Re:Existing installations?

[grazzy]

Nope, it says "Stay tuned" there too.

Netcraft Reports

[the_mighty_$]

Netcraft is reporting this too. Check out there story here. I wonder if the fact that several Internet backbones were blocking Lycos's site had anything to do with them finally deciding to pull it. My guess is simply that this was creating too much bad publicity. Everyone was talking about how Lycos was using unethical tactics to try to stop spam. Lycos probably figured it was not worth it.

Anti spam from a spyware vendor?

[Shaper+of+Myths]

I stopped trusting Lycos the day I started finding this bloody thing on my customers computers. That they tried and failed at something so shady in the first place doesn't seem like much of a surprise to me. This was just some poorly done publicity stunt, probably dreamed up in by some PHB deep in the dungeons of their marketing department.

one thing i've noticed

[m2bord]

i report every piece of spam i get and one thing i've noticed since lycos announced this program is the inclusion of the nvidia.com and yahoo.com domain names as active links in the spam.

this is no doubt an attempt to direct the ddos over to innocent bystanders.

lycos is going to have to realize that the only way to stop spam is to remove the financial reward to those who do spam.

don't buy from spamvertised companies and you'll see the spam problem diminish.

Re:Personally a bit of a shame

[nchip]

You are drawing conclusions. f-secure didn't say that the meta tag was FOLLOWED by lycos client, merely that spammers added a meta refresh tag. In fact, it was debunked it on their weblog:

Update on 4th of December, 2004: Lycos has confirmed to us that their screensaver does not follow Meta Refresh tags, so this attempt by spammers will fail. --Mikko

Re:Good, it was stupid

Semantics are a wonderful game. You can use them to conceal your real intent and to cloud the judgement of others "Starving bandwidth from known spammers is not a Distributed Denial of Service attack" and of course the Slashdot favourite "Copyright Infringment is not Theft". Twaddle. Have the balls to call a spade a spade; Lycos were orchestating a Distributed Denial of Service attack against certain hosts on the internet.

If you want to DDoS slashdot? Sure go ahead, you're probably one of those 1% Cmdr. Taco is talking about anyway reloading mainpage every other second.

You went from 0 to Strawman in sixty seconds. Pretty impressive, but how does your ability to veer off-topic and draw baseless conclusions and create wild accusations have any bearing on your argument?

Re:Bouncing email ???

[iBod]

Spammers invariably spoof the return path so it doesn't achieve anything (except for adding yet more useless traffic to the Internet).

It's more like taking the garbage off your lawn an scattering it up and down the street.

Re:inevitable

[zokum]

I live in Norway too, and what you are sauing is not true. _Handguns_ are more or less outlawed, but other types, such as hunting rifles are not. Norway is one of the countries in the world with the most guns per person. These are however large rifles and other hunting guns, things that are impractical for school massacres etc. And noone has stupid weaponry like machine guns or pistols. Those make no sense for hunting, and would there be an invasion I reckon you could use rifles more efficiently for sabotage than pistols. There is also VERY strict gun control. Seing how the amount of gun-violence is VERY low, I think our system is FAR superior to the antquated mess they got in the US.

Proposal for a replacement

[vacuum_tuber]

Anonymous Coward wrote on Saturday December 04, @08:50AM (#10996046)

I propose Slashdot's editors agree to "accidentally" incorrectly rewrite one submitted link per week to point to the site of a major spammer.

It will have exactly the same effect as the Lycos DDOS screensaver...

Sadly, no, it wouldn't have the same effect. Links anywhere are subject to redirection by meta refresh tag and by DNS modification to point Web traffic to any other host on the planet.

Something like this has to be done the way Lycos was doing it, with human qualification of the target sites, retrievals by mechanisms less intelligent than browsers, and with monitoring of host/IP settings to catch DNS redirection.

Of course the open source community could come up with a substitute potentially even better than the Lycos tool...

Design for a Free Open Source Spamsite Hammer

The key to the legitimacy of a user doing this is that SPAM emails contain explicit invitations to visit the spamvertized Websites. There can be no implied or inferred limit to the browsing an invitee does on a publicly accessible Website, at least not within the range of what a human could or might do, even an obsessive-compulsive human who can't resist clicking on all the links he or she finds on the site that extended the invitation. Nor can there be any limit to the use of automated tools, as those have legitimate roles in off-line browsing of downloaded Websites. To the end of making the tool's HTTP requests indistinguishable from regular browser requests the retrieval tool could intelligently construct "Referer" headers and use a very common "User-agent" header, and request actual documents as a browser would instead of formulating invalid requests as the Lycos screen saver did. This would simply make it very difficult for a spamsite operator to figure out who is who and who is doing what.

The short version of the design spec:

1. A background distributed-computing type of app that uses only otherwise unused CPU time to hammer targeted Websites,
2. that uses low-level TCP to request objects from servers on its target list,
3. that does forward DNS lookups either every time or periodically to verify that a target's DNS has not been repointed to a possibly innocent third party,
4. that has a companion email plug-in that allows the user to flag an email as SPAM,
5. that has a companion site qualifier that parses the often obfuscated URL(s) from the selected email,
6. that retrieves the Web page from each spamvertized URL for review and confirmation by the user,
7. that offers the user the option to add the URL to his personal target list, and
8. that logs the SPAM email, the de-obfuscated URL, any redirection URLS along the way, and the Web page so retrieved.

The email-based target list builder should, if the final retrieved web page is determined by the user to be spammy, add to the target list any and all redirection sites along the way. Often the SPAM email contains the URL of a middleman redirector and it's not unusual for the second site to also be a redirector.

Once the user has confirmed that the target is a spamvertized Website, all redirectors leading there are added to the target list and the host/domain(s) and IP address(es) are logged.

The background process works from the target list, perhaps at a rate that is somewhat configurable by the user.

Using low-level TCP to retrieve objects should make it possible to avoid malicious HTTP redirection to innocent sites. Qualification of a target site and all normal spam response redirector sites leading to it is accomplished merely by the go/no-go determination by the user of the spamminess of the ultimate Web page retrieved.

The background process would do a forward DNS loo