Slashdot Mirror
Lycos Pulls Vigilante Anti-spam Campaign
davidwr writes "Eweek reports that Lycos is scrapping it's anti-spam campaign: 'On Friday, Lycos Europe gave up the ghost, posting a 'Stay Tuned' note on the MakeLoveNotSpam.com Web site it was using to distribute the screensaver. The Lycos Europe home page, which heavily promoted the screensaver all week, was also scrubbed clean of any references to the screensaver.' See previous Slashdot coverage from Nov. 26, Dec. 1, and Dec. 2."
fighting fire with fire doesn't always work
I can't believe the execs at Lycos even had the balls to O.K it as a plan, let alone develop and support it. Corporate sponsored DDoS attacks? What would have been next; MPAA sponsored screen savers that attacked BitTorrant link sites? SCO sponsored screen-savers that attacked kernel.org and Slashdot?
**"I find the anti-spam downloadable DDoS tool to be without a doubt irresponsible, possibly illegal, sets a really bad precedent, gives the wrong impression to users, and possibly the dumbest thing I have heard of this week," said Adrien de Beaupre, an incident handler with the SANS Internet Storm Center (ISC).**
besides than that.. anyone care to pull ye olde form and tick the right places for this particular 'solution for spam'?
world was created 5 seconds before this post as it is.
I for one welcome our new spamming overlords..
But who's to say it isn't still beneficial? Lycos probably caused some problems for spammers with this, or made them feel less secure, in the week this stunt was running. More importantly, look at all the publicity Lycos got out of this; if it wasn't for this spam thing I probably wouldn't have even thought about Lycos's existence once in the second half of this year, and probably you or most of the other people here wouldn't have either. Instead, thanks to makelovenotspam, they've been rescued for at least a moment from obscurity and irrelivance and they've been all over the headlines for a week. Meanwhile, by getting out now Lycos possibly avoids the otherwise-almost-certain legal problems from all of this.
... well probably.
Was makelovenotspam, in its short life, effective? Almost certainly not. Was makelovenotspam a public good? I'd bet not. Was makelovenotspam good for Lycos?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Lycos did win a minor victory in getting it's company name in the news again. Before this I'm sure most people forgot this company existed. Even bad publicity can be good "sometimes".
Lycos made a major blunder with this campaign. I think it actually gave the entire computing community a black eye and am thankfull they pulled it as quickly as they did.
It worked along the same theory that "It takes a criminal to catch a criminal" does. That sometimes, you have to get down and dirty to fight back.
If the only people that got hurt by that kind of plan were the bad guys, I'd buy it. But it doesn't work that way. There is colatteral damage and often times the innocent victims outnumber the bad guys. All that traffic was sent through the internet, across innocent's routers and delayed legitimate traffic. Especially near the end where the bad guys got on the net. I would have hated to be a legit user going through the same service provider as the bad guy!
You could argue that the bad guy's ISP is partly to blame and I'd agree but things aren't that simple. There are several upstream providers and thousands of legit users that were hurt. The colatteral damage was too much.
On top of that, this action gave bad guys ammunition. They are now pretty much able to make a case that other legitamate users are using similar tactics as they are. The screensaver turned end user's computers into bots!
Two wrongs don't make a right. Thank you Lycos for recognizing this a little late but still you did figure it out.
Yeah, like the others have recommended simply install Windows XP and just leave unpatched for a few hours and then you'll be a part of a botnet and DDOS'ing someone near you very soon.
When you get a spam, you put it in a special folder and the client repeatedly accesses the site
So how do you determine which is the right site programmatically?
Go off the email address? Won't work becasue the vast majority of spam uses forged From addresses (I regularly get bounces for spams some asshat has sent with my domain in the from:)
Write something that interprets the email headers and attacks the originating IP? Won't work thansk to the army of windows boxes running proxies to hide the real sender - you'll just end up attaching an innocent, if ignorant, DSL peon.
Write something that grabs URLs from the email and attacks that? Won't work either.. well, it will work, it just means that now all a spammer has to do is bung the URL of a competitor or someone they don't like in there and now you're doing a DDoS for them.
Pretty much any scheme you come up with has so many ways around it or possible abuses that it'd be more dangerous than the problem itself. Even if it isn't determined programmatically, relying on some degree of user interaction or target selection, it is likely to be open to abuse.
Vigilante really means "someone who thinks they are above everyone else and the law" which is basically the same definition as a criminal. In fact I would even go as far as to say Lycos are worse than spammers in principle - spammers don't target individuals they mail everyone they can find, and separate spam groups don't collaborate to fill your box, they are all independently adding their contribution. Vigilantes often make mistakes and because of their revenge attitude their punishment is often worse than the original crime. Take the recent Mexico City lynch mob, not only did they get the wrong people, but their burning someone to death demonstrated that they were far sicker than even the worst of those they were trying to target. Vigilantes are just wrong. Lycos should be prosecuted if they've broken the law on this, otherwise the law needs to be revised.
We can find a solution to spam and it doesn't need to involve stupidity.
This comment does not represent the views or opinions of the user.
rtfa? apparently they did.
**Evidence of a shooting war in cyberspace was uncovered by anti-virus vendor F-Secure. The company reported that one of the spam sites under attack by the Lycos screensaver simply added a Meta Refresh tag that redirected all incoming traffic back to Lycos.**
Does the article say anything about the screensavers ability to execute said meta refresh? No. The article is obviously written by a journalist that knows little about http. A meta refresh can't possibly "redirect all incoming traffic".
Probably you're right. The only saving grace here is that there are a lot of very, very sharp people around the world (many living in countries that are "freer" from a copyright perspective than the United States ... China, say) that will continue to evolve file sharing technology. In spite of the much-publicized lawsuits and Orrin Hatch's ridiculous public commentary, the entertainment industry has been on the defensive since the original Napster went online. Hell, they've been on the defensive since the invention of magnetic tape. The fact that mass entertainment has not only managed to survive but to flourish in an environment loaded with cheap writable media of all kinds seems to have been completely lost on their leadership. I mean, they feel that they should be guaranteed, by law(!!!), every single dime they claim is owed them. Few other businesses operate under such a delusional perspective. Something is very wrong with these people, and I mean seriously wrong. Paranoia at best, treason at worst (and I'm not exaggerating that ... the brain-damaged laws that the entertainment industry has promulgated in the past several years have impacted America's technological efficiency at a time when it can least afford it.) If the Justice Department really wants to do its job, forget about serving as copyright police: some high-profile criminal proceedings targeted at the RIAA/MPAA leadership and some select Congresspersons would better serve the public trust.
The higher the technology, the sharper that two-edged sword.
I've seen several mentions of "have your email program open all the links in spam."
I'm betting someone is modding Thunderbird to do this with any message that winds up in the spambox as we speak.
Of course, this would make everyone using such a program an unwitting participant in a Joe Job:
I want to bring down a web site, so I spam a link to it, and a million anti-spammers's mail programs visit the URL in a short period of time, knocking it offline or raising the bandwidth costs.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If those machines are dDOSed their zombie problem will get fixed in a hurry (because the ISP/owner won't want to pay for the traffic, which they will have to notice because the line is going to be completely saturated). I fail to see that as a bad thing.
That a spammer's attack is spread out over millions of individuals is irrelevant. That's like trying to say it's wrong to steal $100,000 from one bank, but it's ok to steal $10 from 10,000 banks. You've still stolen $100,000 and that's what you should be punished for. If a spammer sends out 10 million spams, and it takes each recipient 0.1 seconds to deal with that spam, the spammer has still cost the recipients 278 hours of productivity. That's 7 weeks of work at 40 hours a week. Saying it's distributed over millions of people is just trying to hide the scope of the problem.